Description
The WordPress plugin Elementor versions 3.6.0 - 3.6.2, inclusive have a vulnerability that allows any authenticated user to upload and execute any PHP file. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this. Tested against Elementor 3.6.1
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/http/wp_plugin_elementor_auth_upload_rcemsf undefined(wp_plugin_elementor_auth_upload_rce) > show actions ...actions...msf undefined(wp_plugin_elementor_auth_upload_rce) > set ACTION < action-name >msf undefined(wp_plugin_elementor_auth_upload_rce) > show options ...show and set options...msf undefined(wp_plugin_elementor_auth_upload_rce) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub