PT-2023-24098 · Elementor · Unlimited Elements For Elementor
Chloe Chamberland
+1
·
Published
2023-06-17
·
Updated
2024-10-14
·
CVE-2023-3295
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The Unlimited Elements For Elementor versions up to, and including, 1.5.66
Description
The issue is related to arbitrary file uploads due to missing file type validation in the file manager functionality. This allows authenticated attackers with contributor-level permissions and above to upload arbitrary files on the affected site's server, potentially enabling remote code execution.
Recommendations
For versions up to, and including, 1.5.66, update to version 1.5.67 to fully patch the issue.
As a temporary workaround, consider restricting file uploads in the file manager functionality until the issue is resolved.
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unlimited Elements For Elementor