漏洞描述
Elementor存在远程代码执行漏洞,此漏洞是~/core/app/modules/onboarding/module.php文件中缺少功能检查导致的。
Elementor远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- WordPress plugin Events Addon for Elementor 跨站脚本漏洞
- POC CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
- POC CVE-2025-24752: Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting
- POC CVE-2021-24351: WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting
- POC CVE-2021-24358: Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
- POC CVE-2021-24891: WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
- POC CVE-2022-1329: Elementor Website Builder - Remote Code Execution
- POC CVE-2022-29455: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
- POC CVE-2023-32243: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset
- POC CVE-2023-48777: WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
- POC CVE-2023-5360: WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload
- POC CVE-2024-9935: PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download
- POC CVE-2021-24175: The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass