{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5360", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-10-03T13:30:26.067Z", "datePublished": "2023-10-31T13:54:42.111Z", "dateUpdated": "2024-08-02T07:59:44.302Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-10-31T13:54:42.111Z"}, "title": "Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload", "problemTypes": [{"descriptions": [{"description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Royal Elementor Addons and Templates", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "1.3.79"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE."}], "references": [{"url": "https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34", "tags": ["exploit", "vdb-entry", "technical-description"]}, {"url": "http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html"}], "credits": [{"lang": "en", "value": "Fioravante Souza", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.302Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "375665EA-8AA1-4209-977B-3381B517CC0F", "versionEndExcluding": "1.3.79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE."}, {"lang": "es", "value": "El complemento Royal Elementor Addons and Templates de WordPress anterior a 1.3.79 no valida correctamente los archivos cargados, lo que podr\u00eda permitir a usuarios no autenticados cargar archivos arbitrarios, como PHP y lograr RCE."}], "id": "CVE-2023-5360", "lastModified": "2023-11-29T15:15:10.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-31T14:15:12.773", "references": [{"source": "contact@wpscan.com", "url": "http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}