Exploit for WordPress Elementor 3.18.1 - File Upload/Remote Code Execution (CVE-2023-48777)

Description:

The plugin is vulnerable to Remote Code Execution through file upload in the template import functionality, allowing authenticated attackers with contributor-level access and above to upload files and execute code on the server.

Nuclei Template

View the template here: CVE-2023-48777.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-48777.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-48777
https://wpscan.com/vulnerability/a6b3b14c-f06b-4506-9b88-854f155ebca9/
https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve