Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Essential Addons for Elementor Security Bypass (5.7.1)

Description

WordPress Plugin Essential Addons for Elementor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset the password of any user, including administrator. WordPress Plugin Essential Addons for Elementor versions 5.4.0 - 5.7.1 are vulnerable.

Remediation

Update to plugin version 5.7.2 or latest

References

https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/

https://github.com/RandomRobbieBF/CVE-2023-32243

https://plugins.svn.wordpress.org/essential-addons-for-elementor-lite/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Cross-Site Scripting Vulnerabilities (2.0.27)

Apache HTTP Server Other Vulnerability (CVE-2004-1082)

Python Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)

WordPress 4.3 Multiple Vulnerabilities (0.7 - 4.3)

WordPress Plugin JS Support Ticket Unspecified Vulnerability (1.1.1)

Severity

High

Classification

CVE-2023-32243 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass