Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-1329 PoC — Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution

Source
https://github.com/dexit/CVE-2022-1329
Associated Vulnerability
Title:Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution (CVE-2022-1329)
Description:The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
Description
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to o CVE project by @Sn0wAlice
Readme
# CVE-2022-1329

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.

| authentication | complexity | vector |
| --- | --- | --- |
| SINGLE | LOW | NETWORK |

| confidentiality | integrity | availability |
| --- | --- | --- |
| PARTIAL | PARTIAL | PARTIAL |

## CVSS Score: **6.5**

## References

* https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.php

* https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/

* https://www.pluginvulnerabilities.com/2022/04/12/5-million-install-wordpress-plugin-elementor-contains-authenticated-remote-code-execution-rce-vulnerability/

* http://packetstormsecurity.com/files/168615/WordPress-Elementor-3.6.2-Shell-Upload.html

## Brut File

* [CVE-2022-1329.json](./data_brut.json)

## External Repositories

| Name | Link |
| --- | --- |
| CVE-2022-1329 | [CVE-2022-1329](https://github.com/mcdulltii/CVE-2022-1329) |
| CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit | [CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit](https://github.com/AkuCyberSec/CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit) |
| CVE-2022-1329-WordPress-Elementor-RCE | [CVE-2022-1329-WordPress-Elementor-RCE](https://github.com/Grazee/CVE-2022-1329-WordPress-Elementor-RCE) |


## About this repository
This repository is part of the project [Live Hack CVE](https://github.com/Live-Hack-CVE). Made by [Sn0wAlice](https://github.com/Sn0wAlice) for the people that care about security and need to have a feed of the latest CVEs. Hope you enjoy it, don't forget to star the repo and follow me on [Twitter](https://twitter.com/Sn0wAlice) and [Github](https://github.com/Sn0wAlice)
File Snapshot

 [4.0K]  /data/pocs/55d359b632ca7a716c0f99841abd898b249e9ec3
├── [1.7K]  data_brut.json
└── [2.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →