CVE-2023-5360
CRITICAL EXPLOITED IN THE WILD NUCLEIWordPress Royal Elementor Addons RCE
Title source: metasploitDescription
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Exploits (12)
nomisec
WORKING POC
3 stars
by tucommenceapousser · remote
https://github.com/tucommenceapousser/CVE-2023-5360
nomisec
WORKING POC
by LaviruDilshan · remote
https://github.com/LaviruDilshan/CVE-2023-5360-exploit-with-native-libraries
metasploit
WORKING POC
EXCELLENT
by Fioravante Souza, Valentin Lobstein · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb
Nuclei Templates (1)
WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload
CRITICALVERIFIEDby theamanrawat
Shodan:
http.html:/plugins/royal-elementor-addons/
FOFA:
body=/plugins/royal-elementor-addons/
Scores
CVSS v3
9.8
EPSS
0.9348
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2023-10-13
InTheWild.io
2023-10-16
CWE
CWE-434
Status
published
Products (1)
royal-elementor-addons/royal_elementor_addons
< 1.3.79
Published
Oct 31, 2023
Tracked Since
Feb 18, 2026