Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities in The Pack Elementor Addons
CVE-2024-32785

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: The Pack Elementor Addons
Vendor: CVE Published:; 24 April 2024

Summary

A vulnerability exists in Webangon The Pack Elementor Addons that allows attackers to exploit a Cross-Site Request Forgery (CSRF) to execute Cross-Site Scripting (XSS). This weakness can potentially lead to unauthorized actions being performed without user consent, resulting in the exposure of sensitive data and creating security risks for affected users. The vulnerable versions include all prior to 2.0.8.3, making prompt updates essential for maintaining security.

Affected Version(s)

The Pack Elementor addons <= 2.0.8.3

References

https://patchstack.com/database/vulnerability/the-pack-ad...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 24, 2024

Credit

Le Ngoc Anh (Patchstack Alliance)