CVE-2023-5360

2023-10-3114:15:12

CWE-434

[email protected]

web.nvd.nist.gov

105

In Wild

cve-2023-5360

royal elementor

wordpress plugin

file upload vulnerability

rce

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.911 High

EPSS

Percentile

98.9%

JSON

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

Affected configurations

Vulners

NVD

Node

royal-elementor-addonsroyal_elementor_addonsRange<1.3.79

VendorProductVersionCPE
royal\-elementor\-addonsroyal_elementor_addons*cpe:2.3:a:royal\-elementor\-addons:royal_elementor_addons:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
royal\-elementor\-addons	royal_elementor_addons	*	cpe:2.3:a:royal\-elementor\-addons:royal_elementor_addons::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Royal Elementor Addons and Templates",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.79"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]