Headline
CVE-2023-0329
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
Related news
Elementor Website Builder SQL Injection
Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability.