Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/02/28 8:33 a.m.15 views

CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...

4.3CVSS6.7AI score0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/28 8:33 a.m.28 views

CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...

4.3CVSS4.7AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.5 views

PT-2024-15805 · Envo · Elementor Templates & Widgets For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to and including 1.4.4 Description: The issue is due to missing or incorrect nonce validation on the ajax theme activation function, making it possible...

4.3CVSS9.5AI score0.00322EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.15 views

Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Theme Activation via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxthemeactivation function, allowing unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into...

4.3CVSS4.9AI score0.00322EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder