Vulnerability Details CVE-2024-0514
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 4.3
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve
Products affected by CVE-2024-0514
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:-
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.0
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.2
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.2
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.21
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.22
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.23
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.25
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.26
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.27
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.28
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.29
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.30
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.32
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.33
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.34
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.36
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.37
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.38
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.39
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.40
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.42
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.43
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.44
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.45
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.46
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.47
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.48
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.49
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.50
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.51
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.56
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.58
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.59
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.60
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.61
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.62
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.63
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.64
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.65
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.66
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.67
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.68
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.69
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.70
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.71
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.75
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.76
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.77
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.78
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.79
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.80
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.81
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.82
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.83
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.84
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.85
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.86
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.87