all InfoSec news
Vulnerability Exploiting Privilege Escalation Discovered in WordPress [CVE-2023–32243]
A security vulnerability has been detected in Essential Addons for Elementor, a widely utilized WordPress plugin with over one million active installations. This specific flaw, identified as CVE-2023–32243, allows an unauthorized attacker to reset the password for any user on the affected website, providing them with administrator privileges.
Upon conducting a thorough examination of CVE-2023–32243, it was found to impact the password reset feature of the Essential Addons plugin integrated with Elementor. The vulnerability arises from the lack of validation …