CVE-2024-0515
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-0515 is a Cross-Site Request Forgery (CSRF) vulnerability in the Royal Elementor Addons and Templates plugin for WordPress. Versions up to and including 1.3.87 are affected. Nonce validation on the remove_from_compare function is either missing or incorrect, which allows unauthenticated attackers to remove items from user compare lists. This can be exploited by tricking a site administrator into taking an action, such as clicking a malicious link. A successful attack results in unauthorized modification of user compare lists on WordPress sites that use this plugin. Users are advised to update the plugin to the latest version to mitigate this risk.
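The class of fix the summary describes, as an added example that is not the plugin's own code: a WordPress AJAX handler that changes a compare list, first without a nonce check and then with one. The hook name, the nonce action example_compare_nonce, the product_id field, the example_compare_list user-meta key and the example-compare script handle are all hypothetical.

```php
<?php
// Added illustration, NOT the Royal Elementor Addons source. All example_*
// names, the 'nonce' and 'product_id' fields and the meta key are hypothetical.

// Before: state-changing handler with no nonce check. A cross-site request
// that arrives with the victim's session cookies is processed like a real one.
// (Shown for comparison only; deliberately not registered on any hook.)
function example_remove_from_compare_unchecked() {
    $product_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    example_compare_list_remove( get_current_user_id(), $product_id );
    wp_send_json_success();
}

// After: the request must carry a nonce minted for this action and session.
function example_remove_from_compare() {
    // Third argument false: return false on failure so we can answer with 403.
    if ( ! check_ajax_referer( 'example_compare_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }
    $product_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    if ( 0 === $product_id ) {
        wp_send_json_error( array( 'message' => 'Missing product_id.' ), 400 );
    }
    example_compare_list_remove( get_current_user_id(), $product_id );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_remove_from_compare', 'example_remove_from_compare' );

// Storage helper (assumption: the list is an array of IDs kept in user meta).
function example_compare_list_remove( $user_id, $product_id ) {
    $list = get_user_meta( $user_id, 'example_compare_list', true );
    $list = is_array( $list ) ? array_map( 'absint', $list ) : array();
    $list = array_values( array_diff( $list, array( $product_id ) ) );
    update_user_meta( $user_id, 'example_compare_list', $list );
}

// The page that renders the list hands the nonce to its own JavaScript, which
// sends it back as the 'nonce' field. A third-party page cannot read it.
// Assumes the 'example-compare' script handle is registered elsewhere.
function example_compare_enqueue() {
    wp_localize_script( 'example-compare', 'exampleCompare', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_compare_nonce' ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'example_compare_enqueue' );
```

When auditing a plugin for this pattern, check every wp_ajax_ and admin_post_ callback that writes data for a check_ajax_referer(), check_admin_referer() or wp_verify_nonce() call whose result is actually acted on.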