module
Wordpress Plugin Elementor Authenticated Upload Remote Code Execution
| Disclosed |
|---|
| Mar 29, 2022 |
Description
The WordPress plugin Elementor, versions 3.6.0 through 3.6.2 inclusive, has a vulnerability
that allows any authenticated user to upload and execute any PHP file. This is achieved
by sending a request to install Elementor Pro from a user-supplied zip file.
Any user with Subscriber or higher permissions is able to exploit this.
Tested against Elementor 3.6.1.
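To find installs that fall in the affected range stated above, the following added example (not part of the module or of Elementor) reads the Version header from each copy of the plugin under a web root. The function names, the standard wp-content/plugins/elementor/elementor.php layout, and the sample header are assumptions made for this sketch.

```python
import re
import sys
from pathlib import Path

# Affected range as stated on this page: 3.6.0 through 3.6.2, inclusive.
AFFECTED_MIN = (3, 6, 0)
AFFECTED_MAX = (3, 6, 2)

# Plugin headers sit in the main file's top comment, e.g. " * Version: 3.6.1".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)

# Constructed sample header, used only for illustration and testing.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Elementor\n * Version: 3.6.1\n */\n"


def parse_plugin_version(header_text):
    """Return the version string from a plugin header, or None if absent."""
    # WordPress itself only reads the first 8 KiB of the file for headers.
    match = VERSION_RE.search(header_text[:8192])
    return match.group(1) if match else None


def version_tuple(version):
    """'3.6.1' -> (3, 6, 1). Short versions are padded; '-beta1' style suffixes are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version):
    """True when the version lies inside the range given on this page."""
    return AFFECTED_MIN <= version_tuple(version) <= AFFECTED_MAX


def audit(root):
    """Return a sorted list of (path, version, affected) for each Elementor copy under root."""
    findings = []
    for main in Path(root).rglob("wp-content/plugins/elementor/elementor.php"):
        with open(main, errors="replace") as fh:
            version = parse_plugin_version(fh.read(8192))
        if version is not None:
            findings.append((str(main), version, is_affected(version)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_elementor.py /var/www   (path is an example)
    for path, version, affected in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok':8}  {version:10}  {path}")
```

A pre-release string such as 3.6.0-beta1 is deliberately treated as 3.6.0 and flagged, so the check errs toward reporting.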