module
Wordpress Plugin Elementor Authenticated Upload Remote Code Execution
| Disclosed | Created |
|---|---|
| 03/29/2022 | 10/04/2022 |
Disclosed
03/29/2022
Created
10/04/2022
Description
The WordPress plugin Elementor versions 3.6.0 - 3.6.2, inclusive have a vulnerability
that allows any authenticated user to upload and execute any PHP file. This is achieved
by sending a request to install Elementor Pro from a user supplied zip file.
Any user with Subscriber or more permissions is able to execute this.
Tested against Elementor 3.6.1
that allows any authenticated user to upload and execute any PHP file. This is achieved
by sending a request to install Elementor Pro from a user supplied zip file.
Any user with Subscriber or more permissions is able to execute this.
Tested against Elementor 3.6.1
Authors
Ramuel GallAkuCyberSech00die
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/multi/http/wp_plugin_elementor_auth_upload_rce
msf /(e) > show actions
...actions...
msf /(e) > set ACTION < action-name >
msf /(e) > show options
...show and set options...
msf /(e) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.