CVE-2023-47178 – WordPress The Plus Addons for Elementor Pro plugin <= 5.2.8 - Unauthenticated Local File Inclusion vulnerability

https://notcve.org/view.php?id=CVE-2023-47178

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8. Limitación incorrecta de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en POSIMYTH Innovation The Plus Addons para Elementor Pro permite la inclusión de archivos locales PHP. Este problema afecta a The Plus Addons para Elementor Pro: desde n/a hasta 5.2.8. The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.2.8 via an unknown parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/theplus_elementor_addon/wordpress-the-plus-addons-for-elementor-pro-plugin-5-2-8-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •