| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| Elementor Website Builder < 3.12.2 SQL injection Exploit | 14 Nov 202300:00 | – | zdt | |
| WordPress plugin Elementor Website Builder SQL注入漏洞 | 30 May 202300:00 | – | cnnvd | |
| CVE-2023-0329 | 30 May 202307:49 | – | cve | |
| CVE-2023-0329 Elementor Website Builder < 3.12.2 - Admin+ SQLi | 30 May 202307:49 | – | cvelist | |
| Elementor Website Builder < 3.12.2 - Admin+ SQLi | 2 Apr 202400:00 | – | exploitdb | |
| EUVD-2023-12390 | 3 Oct 202520:07 | – | euvd | |
| CVE-2023-0329 | 30 May 202308:15 | – | nvd | |
| CVE-2023-0329 | 30 May 202308:15 | – | osv | |
| Elementor Website Builder SQL Injection | 13 Nov 202300:00 | – | packetstorm | |
| Elementor Website Builder SQL Injection | 2 Apr 202400:00 | – | packetstorm |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:elementor:website_builder";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.126401");
script_version("2024-06-27T05:05:29+0000");
script_tag(name:"last_modification", value:"2024-06-27 05:05:29 +0000 (Thu, 27 Jun 2024)");
script_tag(name:"creation_date", value:"2023-06-02 10:52:22 +0000 (Fri, 02 Jun 2023)");
script_tag(name:"cvss_base", value:"8.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:M/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-06-03 04:18:00 +0000 (Sat, 03 Jun 2023)");
script_cve_id("CVE-2023-0329");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("WordPress Elementor Website Builder Plugin < 3.12.2 SQLi Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_wordpress_plugin_http_detect.nasl");
script_mandatory_keys("wordpress/plugin/elementor/detected");
script_tag(name:"summary", value:"The WordPress plugin 'Elementor Website Builder' is prone to an
SQL injection (SQLi) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The plugin does not properly sanitize and escape the Replace
URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection
exploitable by users with the Administrator role.");
script_tag(name:"affected", value:"WordPress Elementor Website Builder plugin prior to version 3.12.2.");
script_tag(name:"solution", value:"Update to version 3.12.2 or later.");
script_xref(name:"URL", value:"https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "3.12.2")) {
report = report_fixed_ver(installed_version: version, fixed_version: "3.12.2", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation