CVE-2023-32243
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege EscalationImproper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
We have discovered 4,945 live websites that are affected by CVE-2023-32243.
Affected Software
| Product |  Essential Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 4,945 live websites (1.54% of Essential Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 20 versions ( 14% of all versions) |
Common Weakness Enumeration
CWE-287 Improper AuthenticationDetails
- Published - May 12, 2023
- Updated - Feb 13, 2025
Credits
- Rafie Muhammad (Patchstack) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-32243 United States | 930 websites |
 Germany | 451 websites |
 France | 274 websites |
 Brazil | 251 websites |
 GB | 228 websites |
 Italy | 227 websites |
 Spain | 178 websites |
 India | 170 websites |
 Poland | 144 websites |
 Netherlands | 114 websites |
Website Distribution by TLD
Number of websites using CVE-2023-32243| .com | 1,869 websites |
| .com.br | 220 websites |
| .de | 203 websites |
| .org | 166 websites |
| .it | 157 websites |
| .co.uk | 126 websites |
| .fr | 108 websites |
| .pl | 102 websites |
| .nl | 96 websites |
| .se | 86 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-32243
Top websites that are affected by CVE-2023-32243. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | **,*** | |
| ****************.com | United States | **,*** | |
| *****************.de | Germany | ***,*** | |
| **********.com | United States | ***,*** | |
| *************.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| *******.com | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| ***************.com |  South Africa | ***,*** |
FAQ
CVE-2023-32243 is Improper Authentication in Essential Addons for Elementor
A total of 4,945 websites have been identified as vulnerable to CVE-2023-32243, based on global website indexing conducted by WebTechSurvey.
The Essential Addons for Elementor is affected by the CVE-2023-32243 vulnerability.
Essential Addons for Elementor versions up to and including 5.7.1 are vulnerable to CVE-2023-32243.
References
- https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-4-0-5-7-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
- https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites?_s_id=cve
- http://packetstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.html