cve/2023/CVE-2023-5360.md

### [CVE-2023-5360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5360)
![](https://img.shields.io/static/v1?label=Product&message=Royal%20Elementor%20Addons%20and%20Templates&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.79%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)

### Description

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

### POC

#### Reference
- http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html
- https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34

#### Github
- https://github.com/1337r0j4n/CVE-2023-5360
- https://github.com/Chocapikk/CVE-2023-5360
- https://github.com/Chocapikk/Chocapikk
- https://github.com/Jenderal92/WP-CVE-2023-5360
- https://github.com/Pushkarup/CVE-2023-5360
- https://github.com/angkerithhack001/CVE-2023-5360-PoC
- https://github.com/nastar-id/CVE-2023-5360
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/phankz/Worpress-CVE-2023-5360
- https://github.com/phankz/phankz
- https://github.com/sagsooz/CVE-2023-5360
- https://github.com/tucommenceapousser/CVE-2023-5360
- https://github.com/vulai-huaun/VTI-comal
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-5360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5360)`
			`![](https://img.shields.io/static/v1?label=Product&message=Royal%20Elementor%20Addons%20and%20Templates&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.79%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)`

			`### Description`

			`The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`- https://github.com/1337r0j4n/CVE-2023-5360`
			`- https://github.com/Chocapikk/CVE-2023-5360`
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`- https://github.com/Chocapikk/Chocapikk`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Jenderal92/WP-CVE-2023-5360`
			`- https://github.com/Pushkarup/CVE-2023-5360`
			`- https://github.com/angkerithhack001/CVE-2023-5360-PoC`
			`- https://github.com/nastar-id/CVE-2023-5360`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/phankz/Worpress-CVE-2023-5360`
			`- https://github.com/phankz/phankz`
			`- https://github.com/sagsooz/CVE-2023-5360`
			`- https://github.com/tucommenceapousser/CVE-2023-5360`
			`- https://github.com/vulai-huaun/VTI-comal`