CVE-2024-0515

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 29, 2024
Updated: Jan 8, 2025
CWE ID 352

Summary

CVE-2024-0515 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Royal Elementor Addons and Templates plugin for WordPress. Versions up to and including 1.3.87 are susceptible to this issue. The nonce validation on the remove_from_compare function is either missing or incorrect, which allows unauthenticated attackers to remove items from user compare lists through a forged request. Exploitation depends on tricking a site administrator into taking an action, such as clicking a malicious link. Successful attacks can lead to unauthorized modifications to user compare lists in WordPress sites using this plugin. Users are advised to update the plugin to the latest version to mitigate this risk.
