Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-48777

CWE-434Unrestricted File Upload5 documents5 sources
Severity
8.8HIGH
EPSS
90.8%
top 0.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Elementor Website BuilderElementor.com Elementor Website Builder
Timeline
PublishedMar 26

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

NVDelementor/website_builder3.3.03.18.2
CVEListV5elementor.com/elementor_website_builder3.3.03.18.1

🔴Vulnerability Details

3
CVEList
WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability2024-03-26
GHSA
GHSA-vrwg-q62p-8qvc: Unrestricted Upload of File with Dangerous Type vulnerability in Elementor2024-03-26
VulnCheck
Elementor.Com Elementor Website Builder Unrestricted Upload of File with Dangerous Type Vulnerability2023

💥Exploits & PoCs

1
Nuclei
WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
CVE-2023-48777 (HIGH CVSS 8.8) | Unrestricted Upload of File with Da | cvebase.io