Lucene search
Sanjay DasWPVDB-ID:A875836D-77F4-4306-B275-2B60EFFF1493HistoryMay 02, 2023 - 12:00 a.m.
Elementor Website Builder < 3.12.2 - Admin+ SQLi
2023-05-0200:00:00
Sanjay Das
wpscan.com
98
elementor
website builder
sql injection
tools module
admin role
vulnerability
security
exploitable
0.001 Low
EPSS
Percentile
39.6%
The plugin does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
PoC
1. Go to Elementor > Tools > Replace URL 2. Fill the first field with http://localhost:8000/ 3. Fill the second field with http://localhost:8000/?test'),meta_key='key4'where+meta_id=SLEEP(2);# 4. Note the additional time taken by the request, demonstrating the SQL injection vulnerability.
Related
cvelist
cvelist
CVE-2023-0329 Elementor Website Builder < 3.12.2 - Admin+ SQLi
2023-05-30 07:49:13
exploitdb
exploitdb
Elementor Website Builder < 3.12.2 - Admin+ SQLi
2024-04-02 00:00:00
cve
cve
CVE-2023-0329
2023-05-30 08:15:09
zdt
zdt
Elementor Website Builder < 3.12.2 SQL injection Exploit
2023-11-14 00:00:00
packetstorm
packetstorm
Elementor Website Builder SQL Injection
2024-04-02 00:00:00
Elementor Website Builder SQL Injection
2023-11-13 00:00:00
prion
prion
Sql injection
2023-05-30 08:15:00
nvd
nvd
CVE-2023-0329
2023-05-30 08:15:09
wpexploit
wpexploit
Elementor Website Builder < 3.12.2 - Admin+ SQLi
2023-05-02 00:00:00
openvas
openvas
WordPress Elementor Website Builder Plugin < 3.12.2 SQLi Vulnerability
2023-06-02 00:00:00