CVE-2023-32243
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
7
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
The Essential Addons for Elementor plugin for WordPress is vulnerable to Unauthenticated Arbitrary Password Resets to Privilege Escalation in versions up to, and including, 5.7.1. This is due to a lack of validation of a password reset key in the reset_password function. This makes it possible for unauthenticated attackers to reset the password of any user on a vulnerable site, including an administrator, if they have the email or username of the targeted account.
*Credits:
Rafie Muhammad (Patchstack)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-05 CVE Reserved
- 2023-05-11 CVE Published
- 2023-05-24 First Exploit
- 2024-08-02 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
- CWE-620: Unverified Password Change
CAPEC
- CAPEC-233: Privilege Escalation
References (8)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wpdeveloper Search vendor "Wpdeveloper" | Essential Addons For Elementor Search vendor "Wpdeveloper" for product "Essential Addons For Elementor" | >= 5.4.0 < 5.7.1 Search vendor "Wpdeveloper" for product "Essential Addons For Elementor" and version " >= 5.4.0 < 5.7.1" | wordpress |
Affected
|