What is CVE-2023-3295?

CVE-2023-3295 is a high-severity vulnerability in Unitecms Unlimited Elements For Elementor, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2023-06-17.

How severe is CVE-2023-3295?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2023-3295 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Unitecms Unlimited Elements For Elementor

CVE-2023-3295

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1…

Vulnerability class: Unrestricted File Upload

EPSS: 0.065 (91.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Unitecms Unlimited Elements For Elementor — versions 0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

20142995/nuclei-templates

References

Frequently asked questions

What is CVE-2023-3295?: CVE-2023-3295 is a high-severity vulnerability in Unitecms Unlimited Elements For Elementor, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2023-06-17.
How severe is CVE-2023-3295?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2023-3295 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.