CVE-2023-0443

Name of the Vulnerable Software and Affected Versions AnyWhere Elementor WordPress plugin versions prior to 1.2.8

Description The issue allows an attacker to obtain a Freemius Secret Key, which could be used to purchase the pro subscription using test credit card numbers without actually paying the amount. The key in question has been revoked.

Recommendations For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's subscription functionality until the update is applied.