Lucene search
HistoryMay 30, 2023 - 8:15 a.m.
CVE-2023-0443
cve-2023-0443
freemius secret key
pro subscription
test credit card numbers
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
31.2%
The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.
Affected configurations
Node
wpvibesanywhere_elementorRange<1.2.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpvibes | anywhere_elementor | * | cpe:2.3:a:wpvibes:anywhere_elementor:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2023-0443 AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure
2023-05-30 07:49:18
wpvulndb
wpvulndb
AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure
2023-05-02 00:00:00
cve
cve
CVE-2023-0443
2023-05-30 08:15:09
prion
prion
Design/Logic Flaw
2023-05-30 08:15:00
wpexploit
wpexploit
AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure
2023-05-02 00:00:00
wordfence
wordfence
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
31.2%
Related for NVD:CVE-2023-0443