VDB
CVE-2023-5360
CVE-2023-5360
PUBLISHED
CVSS 9.800000190734863 CRITICAL
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
EPSS 93.48% · 99.8th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
93.48%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unknown | Royal Elementor Addons and Templates | 0, 0 |
| royal-elementor-addons | royal_elementor_addons | 0, 0, 0 |
Exploit Intelligence
- Wordpress CVE-2023-5360 (github-poc-repo)
- Wordpress CVE-2023-5360 (github-poc-repo)
- Wordpress CVE-2023-5360 (github-poc-repo)
- Wordpress CVE-2023-5360 (github-poc-repo)
- Wordpress CVE-2023-5360 (github-poc-repo)
- Wordpress CVE-2023-5360 (github-poc-repo)
- Wordpress CVE-2023-5360 (github-poc-repo)
- Wordpress CVE-2023-5360 (github-poc-repo)
- Royal Elementor Addons - Unauthenticated Remote Code Execution (github-poc-repo)
- Royal Elementor Addons - Unauthenticated Remote Code Execution (github-poc-repo)
…and 144 more exploits
Timeline
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 21, 1970 VulnCheck XDB Entry
- Jan 21, 1970 VulnCheck XDB Entry
- Oct 13, 2023 VulnCheck KEV Exploitation
- Oct 16, 2023 PoC Published
- Oct 17, 2023 Nuclei Template
- Oct 17, 2023 Fix Commit
- Oct 31, 2023 CVE Published