4 matches found
CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...
CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...
PT-2024-15805 · Envo · Elementor Templates & Widgets For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to and including 1.4.4 Description: The issue is due to missing or incorrect nonce validation on the ajax theme activation function, making it possible...
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Theme Activation via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxthemeactivation function, allowing unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into...