Unrated severityNVD Advisory· Published May 30, 2023· Updated Jan 10, 2025

AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

CVE-2023-0443

Description

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.

Affected products

WordPress/Anywhere Elementorinferred
Range: <1.2.8
Package: https://wordpress.org/plugins/anywhere-elementor

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000