WordPress Plugin Vulnerabilities
Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization
Description
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmp_name' parameter . This makes it possible for authenticated attackers, with contributor-level access and above, to delete arbitrary files and inject PHP Objects through the use of a phar wrapper, both of which can lead to remote code execution.
Affects Plugins
References
Classification
Type
LFI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rhynorater
Verified
No
WPVDB ID
Timeline
Publicly Published
2024-02-07 (about 3 months ago)
Added
2024-02-09 (about 3 months ago)
Last Updated
2024-02-09 (about 3 months ago)