The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.
History

Fri, 10 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-05-30T07:49:18.666Z

Updated: 2025-01-10T20:54:41.785Z

Reserved: 2023-01-23T14:36:37.628Z

Link: CVE-2023-0443

cve-icon Vulnrichment

Updated: 2024-08-02T05:10:56.330Z

cve-icon NVD

Status : Modified

Published: 2023-05-30T08:15:09.460

Modified: 2025-01-10T21:15:09.380

Link: CVE-2023-0443

cve-icon Redhat

No data.