CVE-2023-32243
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
9Exploited in Wild
-Decision
Descriptions
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
The Essential Addons for Elementor plugin for WordPress is vulnerable to Unauthenticated Arbitrary Password Resets to Privilege Escalation in versions up to, and including, 5.7.1. This is due to a lack of validation of a password reset key in the reset_password function. This makes it possible for unauthenticated attackers to reset the password of any user on a vulnerable site, including an administrator, if they have the email or username of the targeted account.
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-05-05 CVE Reserved
- 2023-05-11 CVE Published
- 2023-05-19 First Exploit
- 2024-12-31 EPSS Updated
- 2025-01-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
- CWE-620: Unverified Password Change
CAPEC
- CAPEC-233: Privilege Escalation
References (10)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wpdeveloper Search vendor "Wpdeveloper" | Essential Addons For Elementor Search vendor "Wpdeveloper" for product "Essential Addons For Elementor" | >= 5.4.0 < 5.7.1 Search vendor "Wpdeveloper" for product "Essential Addons For Elementor" and version " >= 5.4.0 < 5.7.1" | wordpress |
Affected
|