What is CVE-2023-5360?

CVE-2023-5360 is a vulnerability in Royal Elementor Addons And Templates, classified under CWE-434 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE. Published 2023-10-31.

Is CVE-2023-5360 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Royal Elementor Addons And Templates

CVE-2023-5360

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

EPSS: 0.935 (99.8th percentile) — read the EPSS interpretation.

Affected products

Unknown Royal Elementor Addons And Templates — versions 0

Public proof-of-concept exploits

References

wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34 (exploit, vdb-entry, technical-description)
packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templ…

Frequently asked questions

What is CVE-2023-5360?: CVE-2023-5360 is a vulnerability in Royal Elementor Addons And Templates, classified under CWE-434 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE. Published 2023-10-31.
Is CVE-2023-5360 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.