CVE-2024-0767
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Feb 28, 2024
Summary
CVE-2024-0767 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Envo's Elementor Templates & Widgets for WooCommerce, a plugin for WordPress. Versions up to 1.4.4 are susceptible to this issue. The root cause is missing or incorrect nonce validation in the ajax_plugin_activation function. Consequently, an unauthenticated attacker can trick a site administrator into performing unintended actions, such as activating arbitrary plugins, by getting them to follow a specially crafted link.
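The checks whose absence the summary describes, shown on a plugin-activation AJAX handler as an added example; this is not the plugin's own code or its actual patch. The action name, nonce action, field names, script handle and allow-list are hypothetical, and the WordPress functions called are core APIs.

```php
<?php
// Hypothetical names throughout: the action, nonce action, field names and
// allow-list are constructed for illustration, not taken from the plugin.
const EXAMPLE_NONCE_ACTION = 'example_plugin_activation';

// Plugins this handler is permitted to activate (constructed sample value).
const EXAMPLE_ALLOWED_PLUGINS = array( 'woocommerce/woocommerce.php' );

// Registered under wp_ajax_ only (logged-in users), never wp_ajax_nopriv_.
add_action( 'wp_ajax_example_activate_plugin', 'example_ajax_plugin_activation' );

function example_ajax_plugin_activation() {
	// 1. CSRF check: the request must carry a nonce minted for this action
	//    and this user. A forged cross-site request cannot supply one.
	if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
	}

	// 2. Authorization: a nonce shows intent, not privilege.
	if ( ! current_user_can( 'activate_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 3. Restrict the target so the handler cannot activate arbitrary plugins.
	$plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) : '';
	if ( ! in_array( $plugin, EXAMPLE_ALLOWED_PLUGINS, true ) ) {
		wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
	}

	$result = activate_plugin( $plugin ); // null on success, WP_Error on failure
	if ( is_wp_error( $result ) ) {
		wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
	}
	wp_send_json_success( array( 'activated' => $plugin ) );
}

// Admin side: hand the nonce to the script that issues the AJAX request.
// Assumes a script with the hypothetical handle 'example-admin' is enqueued.
function example_expose_activation_nonce() {
	wp_localize_script( 'example-admin', 'exampleActivation', array(
		'nonce' => wp_create_nonce( EXAMPLE_NONCE_ACTION ),
	) );
}
add_action( 'admin_enqueue_scripts', 'example_expose_activation_nonce', 20 );
```

When reviewing other handlers for the same flaw, look for `wp_ajax_` callbacks that change state without calling `check_ajax_referer()` or `wp_verify_nonce()` before acting.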