Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
Exploitation Summary
CVE-2022-1329 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 7 public exploits from researchers including AkuCyberSec, mcdulltii, and Grazee, as well as a Metasploit module, exploits/multi/http/wp_plugin_elementor_auth_upload_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This is a functional exploit for CVE-2022-1329, targeting a broken access control vulnerability in WordPress Elementor versions 3.6.0-3.6.2. It allows authenticated users to upload and execute arbitrary PHP files by exploiting the `elementor_upload_and_install_pro` AJAX action.
Description
The Elementor Website Builder plugin for WordPress, in versions 3.6.0 to 3.6.2, is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and to upload malicious files that can be used to obtain remote code execution.
Exploits (7)
This is a functional exploit for CVE-2022-1329, targeting a broken access control vulnerability in WordPress Elementor versions 3.6.0-3.6.2. It allows authenticated users to upload and execute arbitrary PHP files by exploiting the `elementor_upload_and_install_pro` AJAX action.
This is a functional exploit for CVE-2022-1329, targeting a broken access control vulnerability in the Elementor WordPress plugin, versions 3.6.0-3.6.2. It allows authenticated users to upload and execute arbitrary PHP files via a crafted ZIP archive.
This repository contains a Python-based PoC for CVE-2022-1329, an authenticated RCE vulnerability in WordPress Elementor versions 3.6.0-3.6.2. The exploit leverages broken access control to upload and execute a malicious ZIP file containing a PHP payload via the Elementor plugin's AJAX handler.
This repository provides a detailed writeup and instructions for exploiting CVE-2022-1329 in WordPress 6.1.1 with Elementor 3.6.1, followed by privilege escalation using Dirty Pipe (CVE-2022-0847) on Ubuntu 20.04 with Kernel 5.9.12. It includes setup, exploitation steps, and privilege escalation guidance.
This is a functional exploit for CVE-2022-1329, targeting a vulnerability in the Elementor WordPress plugin (versions 3.6.0-3.6.2) that allows authenticated users to upload and execute arbitrary PHP files via a flawed AJAX handler. The PoC includes authentication, nonce retrieval, and payload upload steps but does not include an actual payload.
This repository provides a detailed writeup and references for CVE-2022-1329, a vulnerability in the Elementor Website Builder plugin for WordPress. The vulnerability allows unauthorized execution of AJAX actions due to a missing capability check, potentially leading to remote code execution.
This Metasploit module exploits an authenticated file upload vulnerability in the WordPress Elementor plugin (CVE-2022-1329), allowing RCE by uploading a malicious PHP file disguised as an Elementor Pro plugin. It requires valid credentials and leverages a nonce for CSRF protection bypass.
Nuclei Templates (1)
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H