Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-48777 PoC — WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-48777.yaml
Associated Vulnerability
Title:WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability (CVE-2023-48777)
Description:Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.
Description
The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.
File Snapshot

 id: CVE-2023-48777

info:
  name: WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
  a

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →