wpvulndb
WPVDB-ID:436258EF-5505-45BD-A705-7C435D52AF2F
Feb 05, 2024 - 12:00 a.m.

PowerPack Pro for Elementor < 2.10.8 - Cross-Site Request Forgery to Plugin Settings Modification and Cross-Site Scripting

2024-02-05 00:00:00
wpscan.com
Tags: wordpress, cross-site request forgery, plugin settings modification, cross-site scripting, nonce validation, unauthenticated attackers, arbitrary web scripts

AI Score: 6.2 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions prior to 2.10.8. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to modify plugin settings and inject arbitrary web scripts in pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CPE | Name | Operator | Version
 |  | eq | 2.10.8
