CVE-2023-48777

CRITICAL EXPLOITED NUCLEI

Elementor Website Builder <3.18.1 - Unrestricted Upload

Title source: llm

Exploitation Summary

CVE-2023-48777 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including AkuCyberSec. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-48777, targeting WordPress Plugin Elementor up to version 3.18.0. The exploit leverages arbitrary file upload and path traversal vulnerabilities to achieve remote code execution (RCE) on the target system.

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

Exploits (1)

nomisec WORKING POC 7 stars

by AkuCyberSec · remote-auth

https://github.com/AkuCyberSec/Elementor-3.18.0-Upload-Path-Traversal-RCE-CVE-2023-48777

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-48777, targeting WordPress Plugin Elementor up to version 3.18.0. The exploit leverages arbitrary file upload and path traversal vulnerabilities to achieve remote code execution (RCE) on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Plugin Elementor up to 3.18.0

Auth required

Prerequisites: Valid WordPress credentials with at least Contributor privileges · Base URL of the WordPress installation · Payload file to be uploaded

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1204 - User Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

WordPress Elementor 3.18.1 - File Upload/Remote Code Execution

CRITICALVERIFIEDby DhiyaneshDK

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve

Scores

CVSS v3 9.9

EPSS 0.0363

EPSS Percentile 88.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2023-12-08

CWE

CWE-434

Status published

Products (2)

elementor/website_builder 3.3.0 - 3.18.2

Elementor.com/Elementor Website Builder 3.3.0 - 3.18.1

Published Mar 26, 2024

Tracked Since Feb 18, 2026