Cross-Site Request Forgery Vulnerability in Sky Addons for Elementor
CVE-2024-11601

8.1HIGH

Key Information:

Vendor

Wordpress
Status
Sky Addons For Elementor (free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
Vendor
CVE Published:
22 November 2024

What is CVE-2024-11601?

The Sky Addons for Elementor plugin for WordPress is prone to a Cross-Site Request Forgery vulnerability affecting all versions up to and including 2.6.1. This flaw arises from inadequate nonce validation within the save_options() function, which could allow an unauthenticated attacker to change arbitrary option values on a WordPress site through a malicious request. The attacker must trick a site administrator into clicking a link, thus enabling the execution of unauthorized actions. The vulnerability specifically impacts option values that can be saved as arrays.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) * <= 2.6.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/sky-elementor-...
https://plugins.trac.wordpress.org/browser/sky-elementor-...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
JSON
.