Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload
Description
According to Jerome Bruandet, from NintechNet, the vulnerability, currently exploited by attackers, allows any logged-in user to upload and execute PHP scripts on the blog.

Chloe Chamberland from Wordfence also confirmed the issue and added that "This vulnerability is being used in conjunction with a vulnerability in Ultimate Addons for Elementor that allows for subscriber registration."
Proof of Concept

The PoC will be displayed on June 07, 2020, to give users the time to update.

Affects Plugin

fixed in version 2.9.4

References

CVE 2020-13126
URL https://blog.nintechnet.com/zero-day-vulnerability-exploited-in-elementor-pro/
URL https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Original Researcher Jerome Bruandet (NinTechNet)
Views 4746
Verified No
WPVDB ID 10214

Timeline

Publicly Published 2020-05-07
Added 2020-05-07
Last Updated 2020-05-18
