Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-1329

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.935
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2022-1329


Contact Us

Shodan ® - All rights reserved