CVE-2024-0767

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

CVE-2024-0766

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...

PT-2024-15804 · Envo · Elementor Templates & Widgets For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax plugin...

PT-2024-15803 · Envo · Elementor Templates & Widgets For Woocommerce

Name of the Vulnerable Software and Affected Versions: Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to, and including, 1.4.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the templates ajax request...