CVE-2023-0443

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
wpvibesanywhere_elementor
𝑥
< 1.2.8
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602
https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602