{"uuid": "d5b8e8ce-020b-48b7-a4f4-2954d039ebdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-32243", "type": "published-proof-of-concept", "source": "https://t.me/ev1l_store/607", "content": "LETEST CVE-2023-32243 \ud83d\udd25\n\nEssential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation\n\nInfo :\n\nThe plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them\n\nExploit Details :\n\nhttps://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/\n\nusage: exploit.py [-h] -u URL -p PASSWORD [-usr USERNAME]\n\noptions :\n\n\u00a0 -h, --help\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 show this help message and exit\n\n\u00a0 -u URL, --url URL\u00a0\u00a0\u00a0\u00a0 URL of the WordPress site\n\n\u00a0 -p PASSWORD, --password PASSWORD Password to set for the selected username\n\n-usr USERNAME \n\n--username USERNAME\nUsername of the user to reset if you already know it.\n\nJoin : @ev1l_store @error_troops", "creation_timestamp": "2023-05-24T13:21:00.000000Z"}