How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Elementor Addon Elements < 1.11.8 - CSRF Bypass

Description

The plugin does not properly check for CSRF in some of its functions, allowing them to be bypassed when making a requests without the expected nonce parameter (v < 1.1.7) or with a dummy nonce value (v < 1.11.8). As a result, attackers could make users perform unwanted actions.

Affects Plugins

addon-elements-for-elementor-page-builder

Fixed in version 1.11.8

References

URL

https://plugins.trac.wordpress.org/changeset/2567099/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

d2280397-2029-41f3-b5eb-be94044c42a5

Timeline

Publicly Published

2021-07-20 (about 2 years ago)

Added

2021-07-20 (about 2 years ago)

Last Updated

2021-07-20 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin