CVE-2024-0513
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-0513 is a newly disclosed vulnerability affecting the Royal Elementor Addons and Templates plugin for WordPress. The issue lies in the inadequate nonce validation on the 'remove_from_wishlist' function, resulting in a Cross-Site Request Forgery (CSRF) vulnerability. Unauthenticated attackers can exploit this weakness by tricking site administrators into clicking malicious links, enabling them to remove items from users' wishlists without proper authorization. This flaw poses a significant risk to WordPress sites using the affected plugin, and users are urged to update to the latest version as soon as possible.
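The class of flaw described above, shown as a handler without a nonce check next to a hardened one. This is an added example, not the plugin's source: every `example_*` function, the action string, the meta key and the `product_id` and `nonce` field names are hypothetical, and it assumes it is loaded inside a WordPress plugin.

```php
<?php
// Added illustration with hypothetical names; not code from the affected plugin.
// All non-example_* functions are WordPress core APIs.
const EXAMPLE_NONCE_ACTION = 'example_wishlist_remove'; // hypothetical action string
const EXAMPLE_META_KEY     = 'example_wishlist';        // hypothetical user-meta key

// Weak form (left unregistered): the only thing tying the request to the user
// is the session cookie, which the browser also attaches to cross-site requests.
function example_remove_from_wishlist_weak() {
    $product_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    example_wishlist_delete( get_current_user_id(), $product_id );
    wp_send_json_success();
}

// Hardened form: the request must carry a nonce minted for this action and session.
function example_remove_from_wishlist() {
    // Third argument false: return false on failure so we control the response.
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }
    $product_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    if ( 0 === $product_id ) {
        wp_send_json_error( array( 'message' => 'Missing product_id' ), 400 );
    }
    example_wishlist_delete( get_current_user_id(), $product_id );
    wp_send_json_success();
}
// wp_ajax_* hooks fire only for logged-in users.
add_action( 'wp_ajax_example_remove_from_wishlist', 'example_remove_from_wishlist' );

// Remove one product id from the list stored in user meta.
function example_wishlist_delete( $user_id, $product_id ) {
    $items = get_user_meta( $user_id, EXAMPLE_META_KEY, true );
    $items = is_array( $items ) ? array_map( 'absint', $items ) : array();
    $items = array_values( array_diff( $items, array( $product_id ) ) );
    update_user_meta( $user_id, EXAMPLE_META_KEY, $items );
}

// Hand the nonce to the front-end script that sends the request.
// 'example-wishlist' is a hypothetical, already-registered script handle.
function example_wishlist_enqueue() {
    wp_localize_script( 'example-wishlist', 'exampleWishlist', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( EXAMPLE_NONCE_ACTION ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'example_wishlist_enqueue' );
```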