CVE-2022-1329
HIGH severity · CVSS 8.8 · Unrestricted file upload
8.8CVSS HIGH
Summary
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)93%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.php ↗
Additional information
- NVD record
- https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.phpPatch
- https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.phpPatch
- http://packetstormsecurity.com/files/168615/WordPress-Elementor-3.6.2-Shell-Upload.htmlAdvisory
- https://www.pluginvulnerabilities.com/2022/04/12/5-million-install-wordpress-plugin-elementor-contains-authenticated-remote-code-execution-rce-vulnerability/Advisory
- https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/Advisory
- http://packetstormsecurity.com/files/168615/WordPress-Elementor-3.6.2-Shell-Upload.htmlAdvisory
- https://www.pluginvulnerabilities.com/2022/04/12/5-million-install-wordpress-plugin-elementor-contains-authenticated-remote-code-execution-rce-vulnerability/Advisory
- https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/Advisory