CVE-2023-48777 – WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability

https://notcve.org/view.php?id=CVE-2023-48777

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Elementor.Com Elementor Website Builder. Este problema afecta a Elementor Website Builder: desde 3.3.0 hasta 3.18.1. The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Remote Code Execution via file upload in all versions up to and including 3.18.1 via the template import functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files and execute code on the server. • https://github.com/AkuCyberSec/Elementor-3.18.0-Upload-Path-Traversal-RCE-CVE-2023-48777 https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •