CVE-2023-5360
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 03, 2023
- Published Date
- October 31, 2023
- Last Updated
- February 13, 2025
- Vendor
- Unknown
- Product
- Royal Elementor Addons and Templates
- Description
- The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
- Tags
- Score
- 93.12% (Percentile: 99.78%) as of 2025-05-12
- Exploited in the Wild
- Yes (2023-10-13 14:44:23 UTC) Source
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| Wordfence | 2023-10-13 14:44:23 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb | 2025-04-29 11:01:25 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-5360.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
wp_royal_elementor_addons_rce
Type: metasploit • Created: Unknown
Pushkarup/CVE-2023-5360
Type: github • Created: 2023-11-05 18:02:59 UTC • Stars: 4
tucommenceapousser/CVE-2023-5360
Type: github • Created: 2023-11-02 03:28:59 UTC • Stars: 3
Chocapikk/CVE-2023-5360
Type: github • Created: 2023-11-02 03:15:44 UTC • Stars: 9
phankz/Worpress-CVE-2023-5360
Type: github • Created: 2023-10-26 06:56:48 UTC • Stars: 15
sagsooz/CVE-2023-5360
Type: github • Created: 2023-10-21 10:51:08 UTC • Stars: 3
Timeline
-
CVE ID Reserved
-
Added to KEVIntel
-
CVE Published to Public
-
Detected by Nuclei
-
Detected by Metasploit