4 matches found
CVE-2023-3124
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...
CVE-2023-3124
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...
CVE-2023-3124
The CVE-2023-3124 entry concerns the WordPress Elementor Pro plugin. A missing capability check in the update_page_option function (versions up to and including 3.11.6) allows authenticated users with subscriber-level capabilities to modify arbitrary site options, enabling privilege escalation. A...
CVE-2023-3124 Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...