CVE-2023-5360: Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
First published: Tue Oct 31 2023(Updated: )
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Royal Elementor Addons | <1.3.79 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-5360.
What is the severity level of CVE-2023-5360?
The severity level of CVE-2023-5360 is critical.
How does CVE-2023-5360 affect the Royal Elementor Addons and Templates plugin?
CVE-2023-5360 allows unauthenticated users to upload arbitrary files, such as PHP, and achieve remote code execution in the Royal Elementor Addons and Templates plugin before version 1.3.79.
What is the affected software and version for CVE-2023-5360?
The affected software for CVE-2023-5360 is Royal Elementor Addons and Templates plugin, version up to but excluding 1.3.79.
How can the vulnerability be fixed?
To fix CVE-2023-5360, users should update the Royal Elementor Addons and Templates plugin to version 1.3.79 or later.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/royal-elementor-addons
- canonical/royal elementor addons