Lucene search
K

WordPress Elementor Website Builder Plugin < 3.12.2 SQLi Vulnerability

🗓️ 02 Jun 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 15 Views

WordPress Elementor Website Builder Plugin < 3.12.2 SQL Injection Vulnerability. SQLi exploit via Replace URL parameter in Tools module

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Elementor Website Builder < 3.12.2 SQL injection Exploit
14 Nov 202300:00
zdt
CNNVD
WordPress plugin Elementor Website Builder SQL注入漏洞
30 May 202300:00
cnnvd
CVE
CVE-2023-0329
30 May 202307:49
cve
Cvelist
CVE-2023-0329 Elementor Website Builder < 3.12.2 - Admin+ SQLi
30 May 202307:49
cvelist
Exploit DB
Elementor Website Builder &lt; 3.12.2 - Admin+ SQLi
2 Apr 202400:00
exploitdb
EUVD
EUVD-2023-12390
3 Oct 202520:07
euvd
NVD
CVE-2023-0329
30 May 202308:15
nvd
OSV
CVE-2023-0329
30 May 202308:15
osv
Packet Storm
Elementor Website Builder SQL Injection
13 Nov 202300:00
packetstorm
Packet Storm
Elementor Website Builder SQL Injection
2 Apr 202400:00
packetstorm
Rows per page
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:elementor:website_builder";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126401");
  script_version("2024-06-27T05:05:29+0000");
  script_tag(name:"last_modification", value:"2024-06-27 05:05:29 +0000 (Thu, 27 Jun 2024)");
  script_tag(name:"creation_date", value:"2023-06-02 10:52:22 +0000 (Fri, 02 Jun 2023)");
  script_tag(name:"cvss_base", value:"8.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:M/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-06-03 04:18:00 +0000 (Sat, 03 Jun 2023)");

  script_cve_id("CVE-2023-0329");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("WordPress Elementor Website Builder Plugin < 3.12.2 SQLi Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_plugin_http_detect.nasl");
  script_mandatory_keys("wordpress/plugin/elementor/detected");

  script_tag(name:"summary", value:"The WordPress plugin 'Elementor Website Builder' is prone to an
  SQL injection (SQLi) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The plugin does not properly sanitize and escape the Replace
  URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection
  exploitable by users with the Administrator role.");

  script_tag(name:"affected", value:"WordPress Elementor Website Builder plugin prior to version 3.12.2.");

  script_tag(name:"solution", value:"Update to version 3.12.2 or later.");

  script_xref(name:"URL", value:"https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_less(version: version, test_version: "3.12.2")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "3.12.2", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation