Lucene search
K

5 matches found

NVD
NVD
added 2024/02/28 9:15 a.m.28 views

CVE-2024-0767

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

4.3CVSS4.3AI score0.00275EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/28 8:33 a.m.28 views

CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

4.3CVSS4.7AI score0.00275EPSS
Exploits0References2
CVE
CVE
added 2024/02/28 8:33 a.m.141 views

CVE-2024-0767

CVE-2024-0767 (Envo's Elementor Templates & Widgets for WooCommerce) is a CSRF in the plugin’s ajax_plugin_activation path that can let unauthenticated attackers activate arbitrary plugins if an admin is tricked into performing an action. The vulnerability affects WordPress installations using th...

4.3CVSS5.3AI score0.00275EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/28 8:33 a.m.19 views

CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

4.3CVSS6.7AI score0.00275EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.19 views

Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Plugin Activation via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxpluginactivation function, allowing unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into...

4.3CVSS4.9AI score0.00275EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder