nvd-json-data-feeds/CVE-2023/CVE-2023-53xx/CVE-2023-5360.json

{
  "id": "CVE-2023-5360",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2023-10-31T14:15:12.773",
  "lastModified": "2023-11-29T15:15:10.100",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE."
    },
    {
      "lang": "es",
      "value": "El complemento Royal Elementor Addons and Templates de WordPress anterior a 1.3.79 no valida correctamente los archivos cargados, lo que podr\u00eda permitir a usuarios no autenticados cargar archivos arbitrarios, como PHP y lograr RCE."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "1.3.79",
              "matchCriteriaId": "375665EA-8AA1-4209-977B-3381B517CC0F"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html",
      "source": "contact@wpscan.com"
    },
    {
      "url": "https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}