Lucene search

PatchstackCVE-2023-50890

HistoryMay 17, 2024 - 9:15 a.m.

CVE-2023-50890

2024-05-1709:15:15

CWE-269

Patchstack

web.nvd.nist.gov

cve-2023-50890

improper privilege management

brainstorm force

elementor

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.

Affected configurations

Vulners

Vulnrichment

Node

brainstorm_forceultimate_addons_for_elementorRange≤1.36.20wordpress

VendorProductVersionCPE
brainstorm_forceultimate_addons_for_elementor*cpe:2.3:a:brainstorm_force:ultimate_addons_for_elementor:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
brainstorm_force	ultimate_addons_for_elementor	*	cpe:2.3:a:brainstorm_force:ultimate_addons_for_elementor::::::wordpress::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Ultimate Addons for Elementor",
    "vendor": "Brainstorm Force",
    "versions": [
      {
        "changes": [
          {
            "at": "1.36.21",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.36.20",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/ultimate-elementor/wordpress-ultimate-addons-for-elementor-plugin-1-36-20-privilege-escalation-vulnerability?_s_id=cve

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-50890