Elementor Page Builder <= 1.7.12 - Authenticated Unrestricted Editing



Description
Many AJAX actions are unsecured, allowing logged in users unrestricted access to the internal Elementor functions.

Affects Plugin

fixed in version 1.8.0

References

CVE 2017-18596
URL http://www.pritect.net/blog/elementor-page-builder-1-8-allows-logged-users-unrestricted-editing

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Submitter James Golovich
Submitter Website https://pritect.net
Submitter Twitter Pritect
Views 8338
Verified No
WPVDB ID 8965

Timeline

Publicly Published 2017-11-27 (over 2 years ago)
Added 2017-11-29 (over 2 years ago)
Last Updated 2019-11-28 (6 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin