Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-5360
HistoryOct 31, 2023 - 2:15 p.m.

CVE-2023-5360

2023-10-3114:15:12
CWE-434
[email protected]
web.nvd.nist.gov
wordpress plugin
security vulnerability
unauthenticated
file upload
rce
cve-2023-5360

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.911 High

EPSS

Percentile

98.9%

JSON

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

Affected configurations

NVD
Node
royal-elementor-addonsroyal_elementor_addonsRange<1.3.79wordpress

Related

cve 1
attackerkb 1
wpvulndb 2
metasploit 1
zdt 2
wordfence 2
prion 1
rapid7blog 1
githubexploit 6
cvelist 1
packetstorm 2
nuclei 1
wpexploit 2
cve
cve
CVE-2023-5360
2023-10-31 14:15:12
attackerkb
attackerkb
CVE-2023-5360
2023-10-31 00:00:00
wpvulndb
wpvulndb
Royal Elementor Addons and Templates 1.4.78 - Unauthenticated Arbitrary File Upload
2023-10-23 00:00:00
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
2023-10-09 00:00:00
metasploit
metasploit
WordPress Royal Elementor Addons RCE
2023-11-23 04:15:28
zdt
zdt
WordPress Royal Elementor Addons Remote Code Execution Exploit
2023-11-28 00:00:00
WordPress Royal Elementor 1.3.78 Shell Upload Vulnerability
2023-10-16 00:00:00
wordfence
wordfence
PSA: Critical Unauthenticated Arbitrary File Upload Vulnerability in Royal Elementor Addons and Templates Being Actively Exploited
2023-10-13 21:44:23
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)
2023-10-19 15:52:27
prion
prion
Default credentials
2023-10-31 14:15:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-12-01 18:27:19
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons
2023-11-03 00:58:36
Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons
2023-11-02 03:28:59
Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons
2023-11-02 03:15:44
cvelist
cvelist
CVE-2023-5360 Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
2023-10-31 13:54:42
packetstorm
packetstorm
WordPress Royal Elementor Addons And Templates Remote Shell Upload
2023-11-29 00:00:00
WordPress Royal Elementor 1.3.78 Shell Upload
2023-10-16 00:00:00
nuclei
nuclei
WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload
2023-10-17 09:00:45
wpexploit
wpexploit
Royal Elementor Addons and Templates 1.4.78 - Unauthenticated Arbitrary File Upload
2023-10-23 00:00:00
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
2023-10-09 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.911 High

EPSS

Percentile

98.9%

JSON
Related for NVD:CVE-2023-5360
cve1attackerkb1wpvulndb2metasploit1zdt2wordfence2prion1rapid7blog1githubexploit6cvelist1packetstorm2nuclei1wpexploit2