Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-1329: Changeset 2708766 for elementor/trunk/core/app/modules/onboarding/module.php – WordPress Plugin Repository

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.

CVE
#web#wordpress#php#rce#auth

Timestamp:

04/12/2022 07:29:58 PM (7 months ago)

KingYes

Message:

Upload v3.6.3

File:

  • elementor/trunk/core/app/modules/onboarding/module.php (3 diffs)

Legend:

Unmodified

Added

Removed

  • elementor/trunk/core/app/modules/onboarding/module.php

    r2688036

    r2708766

3

3

4

4

use Automatic\_Upgrader\_Skin;

5

 

use Elementor\\Core\\App\\Modules\\KitLibrary\\Connect\\Kit\_Library;

6

5

use Elementor\\Core\\Base\\Module as BaseModule;

7

6

use Elementor\\Core\\Common\\Modules\\Ajax\\Module as Ajax;

8

7

use Elementor\\Core\\Common\\Modules\\Connect\\Apps\\Library;

9

 

use Elementor\\Core\\Common\\Modules\\Connect\\Module as ConnectModule;

10

8

use Elementor\\Core\\Files\\Uploads\_Manager;

11

9

use Elementor\\Plugin;

…

…

 

94

92

                    'source' => 'generic',

95

93

                \] ),

 

94

                'signUp' => $library->get\_admin\_url( 'authorize', \[

 

95

                    'utm\_source' => 'onboarding-wizard',

 

96

                    'utm\_campaign' => 'connect-account',

 

97

                    'utm\_medium' => 'wp-dash',

 

98

                    'utm\_term' => self::VERSION,

 

99

                    'source' => 'generic',

 

100

                    'screen\_hint' => 'signup',

 

101

                \] ),

96

102

                'uploadPro' => Plugin::$instance->app->get\_base\_url() . '#/onboarding/uploadAndInstallPro?mode=popup',

97

103

            \],

…

…

 

436

442

                isset( $\_POST\['action'\] ) &&

437

443

                isset( $\_POST\['\_nonce'\] ) &&

438

 

                wp\_verify\_nonce( $\_POST\['\_nonce'\], Ajax::NONCE\_KEY )

 

444

                wp\_verify\_nonce( $\_POST\['\_nonce'\], Ajax::NONCE\_KEY ) &&

 

445

                current\_user\_can( 'manage\_options' )

439

446

            ) {

440

447

                $this->maybe\_handle\_ajax();

Note: See TracChangeset for help on using the changeset viewer.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907