CVE-2023-32243
Published 2023-05-12
Priority P190 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 75.95% (99.5th percentile)
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpdeveloper | essential_addons_for_elementor | >= 5.4.0 < 5.7.1 | 5.7.1 |
| wpdeveloper | essential_addons_for_elementor | 5.4.0 – 5.7.1 | — |
Detection & IOCs
command
action=login_or_register_user&eael-resetpassword-submit=true&page_id=124&widget_id=224&eael-resetpassword-nonce={{nonce}}&eael-pass1={{password}}&eael-pass2={{password}}&rp_login={{wordpress_username}}
snort
alert http $EXTERNAL_NET any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Password Reset Attempt (CVE-2023-32243)"; flow:established,to_server; flowbits:set,ET.CVE-2023-32243; http.method; content:"POST"; http.uri; content:"admin-ajax.php"; endswith; http.request_body; content:"action"; content:"login_or_register_user"; within:28; content:"eael-resetpassword-submit"; fast_pattern; content:"true"; nocase; within:10; content:"page_id"; content:"widget_id"; content:"eael-resetpassword-nonce"; content:"eael-pass1"; content:"eael-pass2"; content:"rp_login"; reference:url,patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/; reference:cve,2023-32243; classtype:attempted-admin; sid:2045879; rev:1; metadata:affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2023_05_30, cve CVE_2023_32243, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_05_30; target:dest_ip;)
snort
alert http [$HOME_NET,$HTTP_SERVERS] any -> $EXTERNAL_NET any (msg:"ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Successful Password Reset (CVE-2023-32243)"; flow:established,to_client; flowbits:isset,ET.CVE-2023-32243; http.response_body; content:"success|22 3a|true"; fast_pattern; reference:url,patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/; reference:cve,2023-32243; classtype:successful-admin; sid:2045880; rev:1; metadata:attack_target Web_Server, created_at 2023_05_30, cve CVE_2023_32243, deployment Perimeter, deployment SSLDecrypt, performance_impact Moderate, confidence High, signature_severity Critical, updated_at 2023_05_30; target:src_ip;)
- Exploit POST body targets admin-ajax.php with the WordPress AJAX action 'login_or_register_user' combined with 'eael-resetpassword-submit=true'; monitor HTTP POST requests to this endpoint for these parameters.
- A successful exploitation response contains the JSON string '"success":true' and '"data":' in the HTTP response body; use the Snort flowbit ET.CVE-2023-32243 to correlate request and response.
- The nonce required for the exploit is extracted from the wp-login.php page response; a GET to /wp-login.php immediately before the malicious POST to admin-ajax.php is a strong behavioral indicator.
- Presence of the plugin directory path in web server logs can confirm a vulnerable installation is present.
- The Snort rules (sid:2045879 and sid:2045880) require SSL/TLS decryption to be effective against HTTPS traffic, as indicated by the 'deployment SSLDecrypt' metadata tag.
- The vulnerability affects Essential Addons for Elementor versions 5.4.0 through 5.7.1 only; version 5.7.2 is patched and should not be flagged.
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-4xm5-cg4q-prrp: Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation
ghsa_unreviewed·2023-07-06
CVE-2023-32243 [CRITICAL] CWE-287 GHSA-4xm5-cg4q-prrp: Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
VulnCheck
wpdeveloper essential_addons_for_elementor Improper Authentication
vulncheck·2023·CVSS 9.8
CVE-2023-32243 [CRITICAL] wpdeveloper essential_addons_for_elementor Improper Authentication
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
Affected: wpdeveloper essential_addons_for_elementor
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.sucuri.net/2023/05/vulnerability-in-essential-addons-for-elementor-leads-to-mass-infection.html
Exploit PoC: https://vulncheck.com/xdb/df8ff21e2f02; https://vulncheck.com/xdb/1b235b4ed2c8; https://vulncheck.com/xdb/168482234293; https://vulncheck.com/xdb/96865bb10188; https://vulncheck.com/
Suricata
ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Password Reset Attempt (CVE-2023-32243)
suricata·2023-05-30·CVSS 9.8
CVE-2023-32243 [CRITICAL] ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Password Reset Attempt (CVE-2023-32243)
Suricata
ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Successful Password Reset (CVE-2023-32243)
suricata·2023-05-30·CVSS 9.8
CVE-2023-32243 [CRITICAL] ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Successful Password Reset (CVE-2023-32243)
Nuclei
WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset
nuclei·CVSS 9.8
CVE-2023-32243 [CRITICAL] WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
Template:
id: CVE-2023-32243
info:
  name: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset
  author: DhiyaneshDK,Vikas Kundu
  severity: critical
  description: |
    Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
  impact: |
    An attacker can gain unauthorized access to user accounts and potentially take control of the affected WordPress website.
  remediation: |
    Update WordPress Elementor Lite plugin to the
Wiz
Crying Out Cloud - May Newsletter | Wiz
blogs_wiz·2023-06-06·CVSS 7.5
[HIGH] Crying Out Cloud - May Newsletter | Wiz
Over the last month, we've seen a couple of vulnerabilities pop up and some users have felt the impact of security incidents. We know you're busy too, so we've sifted through the noise to bring you the real game-changers, no fluff attached.
Without further ado, here are our handpicked cloud security highlights!
## ✨ Highlights
## RCE 0-day vulnerability in MOVEit Transfer exploited in the wild
On May 31, 2023, Progress published details of an RCE 0day vulnerability being exploited in-the-wild in MOVEit Transfer (CVE-2023-34362), a Windows-Server-based managed file transfer (MFT) service. Users are urgently advised to patch to the fixed version. While our own data shows MOVEit Transfer can be found in less than 1% of cloud environments, based on other reports, most publicly exposed inst
Checkpoint
22nd May – Threat Intelligence Report
blogs_checkpoint·2023-05-22
CVE-2023-32243 22nd May – Threat Intelligence Report
## 22nd May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd May, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
PharMerica, a provider of pharmacy services across the U.S., disclosed a data breach impacting approximately 5.8 million of its patients. Money Message ransomware gang claimed the attack during April, and threatened to leak 4.7 TB of stolen data.
Check Point Harmony Endpoint and Threat Emulation provide protection against this thr
Checkpoint
15th May – Threat Intelligence Report
blogs_checkpoint·2023-05-15
CVE-2023-29325 15th May – Threat Intelligence Report
## 15th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 15th May, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
The Swedish-Swiss multinational automation company ABB has been a victim of a ransomware attack conducted by the Russian Black Basta ransomware group. The threat actors have attacked the company’s Windows Active Directory, affecting hundreds of devices. To prevent the spread of ransomware to its customers, ABB terminated VPN connec
http://packetstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.html
https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites?_s_id=cve
https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-4-0-5-7-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
2023-05-12: Published
Exploited in the wild