CVE-2023-0443

Summary

CVE-2023-0443 is a vulnerability affecting the AnyWhere Elementor WordPress plugin before version 1.2.8. This issue allows unauthorized individuals to obtain a Freemius Secret Key, which can be used to purchase the pro subscription without making actual payments using test credit card numbers. The key has since been revoked, but its disclosure poses a risk to WordPress sites using the vulnerable plugin version. Attackers could exploit this vulnerability to gain unauthorized access to premium features, potentially leading to data breaches or other malicious activities. WordPress users are advised to update to the latest plugin version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.