KEVIntel
CVSS 9.8 · Critical

CVE-2023-5360

PUBLISHED

Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload

PoC available · Remote · Low complexity · No user interaction

Vendor: Unknown
Product: Royal Elementor Addons and Templates
Published: Oct 31, 2023
EPSS: 93.1% · 100% pctl

Description

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.

wordpress php nuclei_scanner metasploit

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Proof of concept available

Recorded 2023-11-02 03:15:44 UTC · Source

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source: Wordfence · Added: Oct 13, 2023

Potential proofs of concept

These PoCs are unverified and could contain malware. Use at your own risk.

wp_royal_elementor_addons_rce

metasploit · Created Unknown

Metasploit module for CVE-2023-5360

Pushkarup/CVE-2023-5360

github · Created 2023-11-05 18:02:59 UTC · 4 stars

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.

tucommenceapousser/CVE-2023-5360

github · Created 2023-11-02 03:28:59 UTC · 3 stars

Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (< 1.3.79). CVE-ID: CVE-2023-5360.

Chocapikk/CVE-2023-5360

github · Created 2023-11-02 03:15:44 UTC · 9 stars

Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (< 1.3.79). CVE-ID: CVE-2023-5360.

phankz/Worpress-CVE-2023-5360

github · Created 2023-10-26 06:56:48 UTC · 15 stars

sagsooz/CVE-2023-5360

github · Created 2023-10-21 10:51:08 UTC · 3 stars

CVE-2023-5360 Auto Shell Upload WordPress Royal Elementor 1.3.78 Shell Upload

Timeline

  • CVE ID Reserved

  • Added to KEVIntel

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Detected by Metasploit