CVE-2024-0512

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2024-0512 is a vulnerability found in the Royal Elementor Addons and Templates plugin for WordPress, affecting all versions up to 1.3.87. It is categorized as a Cross-Site Request Forgery (CSRF) vulnerability due to the missing or incorrect nonce validation on the add_to_wishlist function. This flaw allows unauthenticated attackers to add items to user wishlists by tricking a site administrator into performing an action, such as clicking on a link. The risk score is rated at 5, with a base severity of MEDIUM. The exploitability score is 2.8, and the impact score is 1.4. To remediate this vulnerability, users are advised to update to the latest version of the Royal Elementor Addons and Templates plugin for WordPress. This vulnerability poses a potential danger to organizations using the affected plugin as it can lead to unauthorized manipulation of user wishlists and potential security breaches.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0512 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options