CVE-2023-0329

7.2 HIGH

📋 TL;DR

This vulnerability allows authenticated administrators of WordPress sites using the Elementor Website Builder plugin to perform SQL injection via the Replace URL parameter in the Tools module. Attackers with administrator access can potentially extract, modify, or delete database content. Only WordPress sites with the Elementor plugin installed, and administrators with access to the Tools module, are affected.

💻 Affected Systems

Products:
  • Elementor Website Builder WordPress Plugin
Versions: All versions before 3.12.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Elementor plugin and administrator access to the Tools module.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator-level attacker could extract sensitive data (user credentials, personal information), modify database content, or potentially achieve remote code execution through database manipulation.

🟠 Likely Case

Malicious administrator or compromised admin account could extract sensitive WordPress data, modify site content, or disrupt site functionality.

🟢 If Mitigated

With proper access controls and admin account security, risk is limited to authorized administrators who should already have database access through legitimate means.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials. Public proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.12.2 and later

Vendor Advisory: https://elementor.com/help/security-advisory/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Elementor Website Builder.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 3.12.2+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable Elementor Tools Module (platform: all)

Remove administrator access to the vulnerable Tools module.
Command: no direct command; use WordPress role/capability management.

Restrict Administrator Accounts (platform: all)

Limit administrator accounts to trusted personnel only and implement strong authentication.

🧯 If You Can't Patch

  • Implement strict access controls for administrator accounts and monitor admin activity
  • Deploy web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check Elementor plugin version in WordPress admin panel under Plugins → Installed Plugins

Check Version:

wp plugin list --name=elementor --field=version (if WP-CLI installed)

Verify Fix Applied:

Verify Elementor plugin version is 3.12.2 or higher
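The version check above compares dotted version strings, which breaks if done lexically ("3.9.10" sorts after "3.12.2" as text). The following is an added example, not part of this advisory or of Elementor's own tooling: it wraps the WP-CLI command from the advisory and compares the result numerically against the 3.12.2 fix release. The `wp_cmd` parameter and the `assess` helper are assumptions introduced here for testability.

```python
import re
import subprocess

# Fixed release named in the advisory; anything below it is affected.
FIXED_VERSION = (3, 12, 2)

def parse_version(text):
    """Turn '3.12.1' (or '3.12.1-beta') into a comparable tuple of three ints."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        m = re.match(r"\d+", piece)          # keep leading digits, drop suffixes
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)                      # '3.12' compares as 3.12.0
    return tuple(parts)

def is_fixed(version_text):
    """True when the installed version is 3.12.2 or later."""
    return parse_version(version_text) >= FIXED_VERSION

def assess(version_text):
    """Return 'fixed', 'vulnerable', or 'unknown' (None means plugin not found)."""
    if not version_text:
        return "unknown"
    return "fixed" if is_fixed(version_text) else "vulnerable"

def installed_elementor_version(wp_cmd=("wp",)):
    """Run the advisory's WP-CLI command; returns None if WP-CLI is absent,
    the plugin is not installed, or the command fails."""
    try:
        out = subprocess.run(
            [*wp_cmd, "plugin", "list", "--name=elementor", "--field=version"],
            capture_output=True, text=True, check=True, timeout=60,
        )
    except (FileNotFoundError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None

if __name__ == "__main__":
    ver = installed_elementor_version()
    print(f"Elementor {ver or '(not found)'}: {assess(ver)}")
```

Run it from the WordPress root (where WP-CLI resolves the site); an "unknown" result means the plugin could not be queried, not that the site is safe.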

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in WordPress/database logs
  • Multiple failed login attempts followed by admin access
  • Admin user accessing /wp-admin/admin.php?page=elementor-tools

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with SQL injection patterns in parameters

SIEM Query:

source="wordpress.log" AND ("elementor-tools" OR "Replace URL") AND ("UNION SELECT" OR "information_schema" OR "SLEEP(")
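The log and network indicators above can be checked offline against web-server access logs. The following is an added example, not part of this advisory: it parses combined-format access log lines, fires the indicators the advisory lists (Tools page access, POST to admin-ajax.php with SQL injection patterns in the query string) and applies the SIEM query logic in Python. The sample log lines are constructed, the `action=` values are placeholders rather than Elementor's real AJAX action names, and the `body` parameter exists because an access log never contains a POST body; feed that from a WAF or ModSecurity audit log if you have one.

```python
import re
from urllib.parse import unquote_plus

# Indicator strings and SQLi patterns listed in the advisory's detection section.
TOOLS_PAGE = "page=elementor-tools"
AJAX_PATH = "/wp-admin/admin-ajax.php"
CONTEXT_TERMS = ("elementor-tools", "replace url")
SQLI_PATTERNS = [
    re.compile(r"union\s+select", re.I),
    re.compile(r"information_schema", re.I),
    re.compile(r"sleep\s*\(", re.I),
]

# Apache/nginx "combined" format: ip ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real traffic); action names are placeholders.
SAMPLE_LOG = [
    '203.0.113.10 - admin [12/May/2023:10:00:00 +0000] "GET /wp-admin/admin.php?page=elementor-tools HTTP/1.1" 200 5120',
    '203.0.113.10 - admin [12/May/2023:10:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=example_replace&from=x%27%20UNION%20SELECT%201 HTTP/1.1" 200 90',
    '198.51.100.7 - editor [12/May/2023:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40',
]

def has_sqli_pattern(text):
    return any(p.search(text) for p in SQLI_PATTERNS)

def parse_line(line):
    """Parse one access-log line into a dict, or None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry, body=""):
    """Return the advisory indicators that fire for one parsed entry.

    `body` is an optional decoded request body (e.g. from a WAF audit log);
    the access log itself only carries the query string."""
    hits = []
    path = unquote_plus(entry["path"])
    text = path + " " + body
    if TOOLS_PAGE in path:
        hits.append("elementor-tools-access")      # audit event: admin opened the Tools page
    if entry["method"] == "POST" and path.startswith(AJAX_PATH) and has_sqli_pattern(text):
        hits.append("admin-ajax-sqli-pattern")
    return hits

def siem_match(text):
    """Python equivalent of the advisory's SIEM query:
    ("elementor-tools" OR "Replace URL") AND (UNION SELECT OR information_schema OR SLEEP()).
    """
    t = unquote_plus(text).lower()
    return any(term in t for term in CONTEXT_TERMS) and has_sqli_pattern(t)

def scan(lines, bodies=None):
    """Run every indicator over a batch of log lines; returns only the lines that fired.
    `bodies` maps a line index to its captured request body, when available."""
    bodies = bodies or {}
    findings = []
    for i, line in enumerate(lines):
        entry = parse_line(line)
        if not entry:
            continue                                 # skip malformed or non-combined lines
        body = bodies.get(i, "")
        hits = classify(entry, body)
        if siem_match(line + " " + body):
            hits.append("siem-query")
        if hits:
            findings.append({"ip": entry["ip"], "user": entry["user"],
                             "path": entry["path"], "hits": hits})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['user']}@{f['ip']} {f['path']} -> {', '.join(f['hits'])}")
```

Treat "elementor-tools-access" as context rather than an alert on its own: the page is legitimately used by administrators, and the finding is only interesting when it coincides with the SQL injection patterns, an unexpected account, or the login anomalies listed above.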
