alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Suspected WordPress Plugin Royal Elementor RCE (CVE-2023-5360)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/wp-admin/admin-ajax.php"; endswith; http.content_type; content:"multipart/form-data|3b 20|boundary="; startswith; http.request_body; content:"form-data|3b 20|name=|22|wpr_addons_nonce|22|"; fast_pattern; content:"form-data|3b 20|name=|22|max_file_size|22|"; distance:0; content:"form-data|3b 20|name=|22|allowed_file_types|22|"; distance:0; content:"form-data|3b 20|name=|22|triggering_event|22|"; distance:0; content:"form-data|3b 20|name=|22|uploaded_file|22 3b 20|"; distance:0; reference:url,nvd.nist.gov/vuln/detail/CVE-2023-5360; reference:cve,2023-5360; classtype:attempted-admin; sid:2049627; rev:1; metadata:attack_target Web_Server, created_at 2023_12_08, cve CVE_2023_5360, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_08; target:dest_ip;)