CVE-2023-3124 PoC — WordPress Plugin Elementor Pro 安全漏洞

Source

https://github.com/AmirWhiteHat/CVE-2023-3124

Associated Vulnerability

Title:WordPress Plugin Elementor Pro 安全漏洞 (CVE-2023-3124)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Elementor Pro 存在安全漏洞，该漏洞源于缺少对 update_page_option 函数的功能检查，容易受到未经授权的数据修改。

Description

CVE-2023-3124 PoC

Readme

# CVE-2023-3124
CVE-2023-3124 Proof of Concept

This is a proof of concept (PoC) exploit for CVE-2023-3124, a vulnerability in WordPress Elementor Pro plugin.

- Description:
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.

- Note:
This high-level overview is for educational purposes only. Understanding the vulnerability and its impact can help improve security practices and develop effective defenses against similar attacks.

File Snapshot


 [4.0K]  /data/pocs/5be9800ce19f8e0ca5672ce10bb4292af7bb4178
├── [5.1K]  PoC.py
├── [ 740]  README.md
└── [  22]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!