CVE-2023-0443

EUVD-2023-12497
The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
wpvibesanywhere_elementor
𝑥
< 1.2.8
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602
https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602