3 matches found
CVE-2024-0768
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...
CVE-2024-0768
CVE-2024-0768 affects Envo’s Elementor Templates & Widgets for WooCommerce for WordPress, with CSRF in the ajax_theme_activation path. It is exploitable by unauthenticated attackers who can trick an administrator into performing an action (activating an arbitrary installed theme). Affected versio...
WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...