CVE-2023-0443

Published: May 30, 2023Modified: Jan 10, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.

Affected (1)

Products: Wpvibes: Anywhere Elementor

Wpvibes

1 product

Anywhere Elementor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpvibes Anywhere Elementor	Before 1.2.8

References (2)

https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602

Source: contact@wpscan.com

Exploit

https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.