Elementor Page Builder <= 1.7.12 - Authenticated Unrestricted Editing



Description
Many AJAX actions are unsecured, allowing logged in users unrestricted access to the internal Elementor functions.

Affects Plugin

fixed in version 1.8.0

References

CVE 2017-18596
URL http://www.pritect.net/blog/elementor-page-builder-1-8-allows-logged-users-unrestricted-editing

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Submitter James Golovich
Submitter Website https://pritect.net
Submitter Twitter Pritect
Views 6486
Verified No
WPVDB ID 8965

Timeline

Publicly Published 2017-11-27 (almost 2 years ago)
Added 2017-11-29 (almost 2 years ago)
Last Updated 2019-09-10 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin