QID 150762
Date Published: 2023-12-15
QID 150762: WordPress Elementor Plugin: Arbitrary File Upload Vulnerability (CVE-2023-48777)
Elementor is a very popular wordpress plugin, enabling web creators to build professional, pixel-perfect websites with an intuitive visual builder.
The WordPress Elementor plugin is vulnerable to remote code execution through file uploads in the template import functionality
Affected Versions:
WordPress Elementor Plugin before 3.18.2.
QID Detection Logic:
This QID sends a HTTP GET request and checks for vulnerable version of WordPress plugin running on the target application.
Successful exploitation of this vulnerability could allow an attacker to upload malicious file and execute arbitrary code on the target system.
Solution
Customers are advised to upgrade to Elementor 3.18.2 or later version to remediate this vulnerability.
Vendor References
CVEs related to QID 150762
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Elementor |
|