WordPress Plugin Vulnerabilities

PowerPack Pro for Elementor < 2.10.8 - Missing Authorization to Settings Reset

Description

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 2.10.6. This makes it possible for unauthenticated attackers to reset plugin settings.

Affects Plugins

Plugin icon
powerpack-elements
Fixed in 2.10.8

References

CVE
CVE-2024-24844
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/883e1f3c-7e47-4522-ae8c-a9a6b4160be2

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
35570703-9db4-486d-8b56-7dabfc89275f

Timeline

Publicly Published
2024-02-02 (about 2 years ago)
Added
2024-02-05 (about 2 years ago)
Last Updated
2024-02-05 (about 2 years ago)

Other

Published
Title
Published
2025-05-16
Title
Salon Booking Pro <= 10.10.2 - Missing Authorization
Published
2026-01-19
Title
SEO Booster <= 6.1.8 - Missing Authorization
Published
2025-11-21
Title
Legal Pages < 1.4.7 - Missing Authorization
Published
2022-10-28
Title
Modula < 2.6.91 - Unauthenticated Troubleshooting Settings Update
Published
2026-02-18
Title
Checkout Field Manager (Checkout Manager) for WooCommerce < 7.8.6 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion