WordPress Plugin Vulnerabilities

Elementor Page Builder < 1.8.0 - Authenticated Unrestricted Editing

Description

Many AJAX actions are unsecured, allowing logged in users unrestricted access to the internal Elementor functions.

Affects Plugins

Plugin icon
elementor
Fixed in 1.8.0

References

CVE
CVE-2017-18596
URL
https://www.pritect.net/blog/elementor-page-builder-1-8-allows-logged-users-unrestricted-editing

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Submitter
James Golovich
Submitter website
https://pritect.net
Submitter twitter
Pritect
Verified
No
WPVDB ID
380cdc06-642d-4086-9ad6-d4bdbd305e71

Timeline

Publicly Published
2017-11-27 (about 6 years ago)
Added
2017-11-29 (about 6 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2021-06-28
Title
ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation
Published
2022-07-06
Title
Simple Membership < 4.1.3 - Membership Privilege Escalation
Published
2024-03-28
Title
MasterStudy LMS < 3.3.2 - Unauthenticated Privilege Escalation
Published
2023-08-08
Title
Biometric Login for WooCommerce < 1.0.4 - Unauthenticated Privilege Escalation
Published
2020-03-07
Title
Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Data Modification and Deletion