CVE-2023-35050
📋 TL;DR
CVE-2023-35050 is a missing authorization vulnerability in Elementor Pro WordPress plugin that allows subscribers to perform actions intended only for higher-privileged users. This affects all WordPress sites using Elementor Pro versions up to 3.13.0. The vulnerability enables privilege escalation through broken access control.
💻 Affected Systems
- Elementor Pro WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Subscriber-level users could gain administrative privileges, modify site content, install malicious plugins, or compromise the entire WordPress installation.
Likely Case
Subscribers could modify pages, posts, or site settings they shouldn't have access to, potentially defacing the website or altering content.
If Mitigated
With proper user role management and monitoring, impact would be limited to unauthorized content modifications by trusted subscribers.
🎯 Exploit Status
Exploitation requires subscriber-level credentials. Public proof-of-concept code exists demonstrating the authorization bypass.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.13.1 and later
Vendor Advisory: https://elementor.com/help/elementor-pro-security-update/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Elementor Pro and check for updates. 4. Update to version 3.13.1 or later. 5. Clear any caching plugins or CDN caches.
🔧 Temporary Workarounds
Temporary User Role Restriction
allTemporarily disable or restrict subscriber accounts until patching is complete
Web Application Firewall Rule
allBlock suspicious subscriber-level requests to Elementor Pro endpoints
🧯 If You Can't Patch
- Disable or remove all subscriber-level user accounts
- Implement strict network segmentation and monitor all subscriber account activity
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Elementor Pro version. If version is 3.13.0 or lower, system is vulnerable.Check Version:
wp plugin list --name=elementor-pro --field=versionVerify Fix Applied:
Verify Elementor Pro version is 3.13.1 or higher in WordPress admin plugins page.📡 Detection & Monitoring
Log Indicators:
- Subscriber users accessing admin-only Elementor endpoints
- Unusual POST requests to /wp-admin/admin-ajax.php from subscriber accounts
- Role changes or privilege escalation events
Network Indicators:
- HTTP requests to Elementor Pro API endpoints from low-privilege user agents
- Unusual traffic patterns from subscriber accounts
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND user_role="subscriber" AND action CONTAINS "elementor")🔗 References
- https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-13-0-subscriber-broken-access-control-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-13-0-subscriber-broken-access-control-vulnerability?_s_id=cve
