CVE-2023-47504

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
7.8%
top 8.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Elementor Website BuilderElementor Elementor Website Builder
Timeline
PublishedApr 24

Description

Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5elementor/elementor_website_buildern/a3.16.4

🔴Vulnerability Details

2
GHSA
GHSA-4vqm-wcg3-r4cm: Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs2024-04-24
CVEList
WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability2024-04-24
CVE-2023-47504 (CRITICAL CVSS 9.8) | Improper Authentication vulnerabili | cvebase.io