CVE-2022-1329

Published: 19/04/2022 | Updated: 26/05/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

In versions 3.6.0 to 3.6.2, the Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file. This makes it possible for malicious users to modify site data and to upload malicious files that can be used to obtain remote code execution.

Vulnerable Product

elementor website builder

Vendor Advisories

Check Point Reference: CPAI-2022-1928 | Date Published: 20 Nov 2023 | Severity: High ...

Github Repositories

CVE-2022-1329-WordPress-Elementor-RCE

This PoC is based on the one of AkuCyberSec. Chinese version. Usage: Use docker-compose to start the vuln environment: docker-compose up -d. Then you can access the WordPress Admin page with URL localhost:8000. Register the admin user, and add a non-admin user in the Users tag. For example, there are t

WordPress Elementor 3.6.0 3.6.1 3.6.2 RCE POC

WP Elementor 3.6.0/1/2 Remote Code Execution | Google Dork: none | Date: April 16 2022 | Exploit Author: AkuCyberSec (github.com/AkuCyberSec) | Vendor Homepage: elementor.com/ | Software Link: wordpress.org/plugins/elementor/advanced/ (scroll down to select the version) | Version: 3.6.0, 3.6.1, 3.6.2 | Tested on: WordPress 5.9.3 (os-independent since this exploit does

WordPress Plugin - Elementor 3.6.0 3.6.1 3.6.2 Remote Code Execution | Google Dork: none | Date: April 16 2022 | Exploit Author: AkuCyberSec (github.com/AkuCyberSec) | Vendor Homepage: elementor.com/ | Software Link: wordpress.org/plugins/elementor/advanced/ (scroll down to select the version) | Version: 3.6.0, 3.6.1, 3.6.2 | Tested on: WordPress 5.9.3 (os-independent