Security Advisory

CVE-2023-0329

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-30 07:49:13

Last updated 2025-04-23 16:21:31

Assigner WPScan

State PUBLISHED

Description

The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.

← Browse all CVEs View on cve.org ↗