CVE-2020-7055
Elementor Website Builder <= 2.7.4 - Arbitrary File Upload
Severity Score
9.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.
An issue was discovered in Elementor version 2.7.4. An arbitrary file upload is possible in the Elementor Import Templates function, which allows an attacker to execute code by means of a specially crafted ZIP file.
The Elementor Website Builder plugin for WordPress is vulnerable to arbitrary file upload by subscriber level users and above due to missing authorization on the Import Templates function, which makes it possible for attackers to gain remote code execution. This affects versions up to 2.7.5.
*Credits:
Sam Thomas, Kyle Fleming
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-10-28 CVE Published
- 2020-01-14 CVE Reserved
- 2023-08-26 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
- CWE-862: Missing Authorization
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://pentest.co.uk/labs/advisory/cve-2020-7055 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://pentest.co.uk/labs/vulnerability-disclosure-cve-2020-7055 | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Elementor | Elementor Page Builder | <= 2.7.4 | wordpress | Affected |