The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:20.759Z
Updated: 2024-12-23T16:22:16.547Z
Reserved: 2023-06-06T12:43:23.617Z
Link: CVE-2023-3124
Vulnrichment
Updated: 2024-08-02T06:48:07.384Z
NVD
Status : Modified
Published: 2023-06-07T02:15:15.970
Modified: 2024-11-21T08:16:30.680
Link: CVE-2023-3124
Redhat
No data.