7 matches found
Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website_Builder
CVE-2022-1329 🦠 Proyecto desarrollado por Agustín Sánchez M...
Wordpress Plugin Elementor Authenticated Upload Remote Code Execution
The WordPress plugin Elementor versions 3.6.0 - 3.6.2, inclusive have a vulnerability that allows any authenticated user to upload and execute any PHP file. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions i...
CVE-2022-1329 Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files...
CVE-2022-1329
Elementor Website Builder WordPress plugin versions 3.6.0–3.6.2 are affected by CVE-2022-1329 due to a missing capability check in core/app/modules/onboarding/module.php, enabling unauthorized execution of several AJAX actions, modification of site data, and uploading of malicious files that can ...
CVE-2022-1329
creationtimestamp| type| source ---|---|--- 2022-04-17 06:23:53+00:00| published-proof-of-concept| https://t.me/proxybar/803 2022-04-17 22:20:29+00:00| published-proof-of-concept| https://t.me/MrVGunz/120 2022-04-18 04:21:33+00:00| published-proof-of-concept| https://t.me/LearnExploit/3397...
Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website_Builder
WordPress Plugin - Elementor 3.6.0 3.6.1 3.6.2 Remote Code Exe...
WordPress Elementor 3.6.2 Remote Code Execution Vulnerability
Description: Insufficient Access Control leading to Subscriber+ Remote Code Execution Affected Plugin: Elementor Plugin Slug: elementor Plugin Developer: Elementor Affected Versions: 3.6.0 – 3.6.2 CVE ID: CVE-2022-1329 CVSS Score: 9.9Critical CVSS Vector:...