Lucene search
+L

4 matches found

nvd
nvd
added 2023/06/07 2:15 a.m.35 views

CVE-2023-3124

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...

8.8CVSS8.4AI score0.2272EPSS
Exploits2References2
osv
osv
added 2023/06/07 2:15 a.m.4 views

CVE-2023-3124

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...

8.8CVSS5.7AI score0.2272EPSS
Exploits2References2
cve
cve
added 2023/06/07 1:51 a.m.300 views

CVE-2023-3124

The CVE-2023-3124 entry concerns the WordPress Elementor Pro plugin. A missing capability check in the update_page_option function (versions up to and including 3.11.6) allows authenticated users with subscriber-level capabilities to modify arbitrary site options, enabling privilege escalation. A...

8.8CVSS8.3AI score0.2272EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2023/06/07 1:51 a.m.34 views

CVE-2023-3124 Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...

8.8CVSS8.6AI score0.2272EPSS
Exploits2References2
Rows per page
Query Builder