Description
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- WPDeveloper / Essential Addons for Elementor5.4.0 – 5.7.1
Exploits & PoCs
- nucleiWordPress Elementor Lite 5.7.1 - Arbitrary Password Resetby DhiyaneshDK,Vikas Kundu
References
- MISChttps://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-4-0-5-7-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
- MISChttps://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites?_s_id=cve
- EXPLOIThttp://packetstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.html