KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2023-32243

PUBLISHED

WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation

PoC available Remote Low complexity No user interaction
Vendor
WPDeveloper
Product
Essential Addons for Elementor
Published
May 12, 2023
EPSS
93.6% · 100% pctl

Description

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.

wordpress nuclei_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Proof of concept available

Recorded 2023-05-15 09:39:45 UTC · Source

SSVC decision points

Exploitation
none
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
Wordfence May 17, 2023

Scanner integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-32243.yaml Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

shaoyu521/Mass-CVE-2023-32243

github · Created 2023-07-29 20:43:16 UTC · 2 stars

Mass-CVE-2023-32243

Jenderal92/WP-CVE-2023-32243

github · Created 2023-07-03 04:16:16 UTC · 5 stars

Wordpress CVE-2023-32243

RandomRobbieBF/CVE-2023-32243

github · Created 2023-05-15 09:39:45 UTC · 81 stars

CVE-2023-32243 - Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation

gbrsh/CVE-2023-32243

github · Created 2023-05-14 19:32:50 UTC · 3 stars

Exploit for CVE-2023-32243 - Unauthorized Account Takeover.

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • Detected by Nuclei