Lucene search
WpvulndbWPVDB-ID:8A4D2E21-C0A6-4CC7-B88D-FF31EB1BAE23HistoryFeb 27, 2024 - 12:00 a.m.
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Subscriber+ Template Creation
2024-02-2700:00:00
wpscan.com
5
elementor
woocommerce
vulnerability
templates
data modification
capability check
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.8
Confidence
High
EPSS
0
Percentile
9.0%
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function, allowing subscribers and higher to create templates.
Related
vulnrichment
vulnrichment
CVE-2024-0766
2024-02-28 08:33:11
cvelist
cvelist
CVE-2024-0766
2024-02-28 08:33:11
nvd
nvd
CVE-2024-0766
2024-02-28 09:15:41
prion
prion
Design/Logic Flaw
2024-02-28 09:15:00
cve
cve
CVE-2024-0766
2024-02-28 09:15:41
wordfence
wordfence
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.8
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPVDB-ID:8A4D2E21-C0A6-4CC7-B88D-FF31EB1BAE23