CSRF Vulnerability in PowerPack Pro for Elementor
CVE-2024-24843

7.1HIGH

Key Information:

Vendor: WordPress
Status: PowerPack Pro for Elementor
Vendor: CVE Published:; 21 February 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the PowerPack Addons for Elementor, specifically in the PowerPack Pro for Elementor plugin. This vulnerability allows an attacker to exploit the application by causing unauthorized changes to the plugin settings. If users are tricked into interacting with malicious links while logged in, it could lead to potential alterations without their consent. The issue affects versions of PowerPack Pro for Elementor prior to 2.10.8, indicating that users should update to the latest version to mitigate any security threats.

Affected Version(s)

PowerPack Pro for Elementor < 2.10.8

References

https://patchstack.com/database/vulnerability/powerpack-e...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
Jan 31, 2024

Credit

Dave Jong (Patchstack)