PT-2023-6274 · WordPress · The Royal Elementor Addons/Templates

Fioravante Souza · Published 2023-10-03 · Updated 2023-11-29 · CVE-2023-5360

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Royal Elementor Addons and Templates versions prior to 1.3.79

Description
The issue is an unrestricted upload of files of dangerous types. Unauthenticated users can upload arbitrary files, such as PHP. Exploitation of this issue may allow a remote attacker to execute arbitrary code by uploading a specially crafted PHP file. Over 46K attacks have been blocked in a month, indicating the severity of the issue.

Recommendations
For versions prior to 1.3.79, update to version 1.3.79 to protect the WordPress website, and perform website cleanup to remove malicious files. As a temporary workaround, consider restricting access to the file upload functionality until the issue is resolved. Avoid using the vulnerable plugin until the issue is fixed by updating to the latest version. At the moment, there is no other information about additional mitigation measures.

Exploit · Fix · RCE · Unrestricted File Upload


Weakness Enumeration

Related Identifiers

BDU:2023-06984
CVE-2023-5360

Affected Products

The Royal Elementor Addons/Templates