Lucene search

PatchstackCVELIST:CVE-2023-32245

HistoryNov 18, 2023 - 10:32 p.m.

CVE-2023-32245 WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF)

2023-11-1822:32:56

CWE-352

Patchstack

www.cve.org

wordpress

elementor pro

vulnerable plugin

ssrf

csrf

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Essential Addons for Elementor Pro",
    "vendor": "WPDeveloper",
    "versions": [
      {
        "changes": [
          {
            "at": "5.4.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.4.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/essential-addons-elementor/wordpress-essential-addons-for-elementor-pro-plugin-5-4-8-unauthenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for CVELIST:CVE-2023-32245