5.3

CVE-2024-3927

EPSS 0.51%
Veröffentlicht 22.05.2024 07:15:13
Zuletzt bearbeitet 26.02.2025 21:40:19
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass  in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.

Mögliche Gegenmaßnahme

Element Pack Addons for Elementor: Update to version 5.6.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Element Pack Addons for Elementor

Version *-5.6.3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bdthemes ≫ Element Pack SwEditionlite SwPlatformwordpress Version < 5.6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.656

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/contact-form/module.php#L102

Product

https://plugins.trac.wordpress.org/changeset/3089154

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/3a703fc4-6c61-442e-a637-515e9f501575?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/3a703fc4-6c61-442e-a637-515e9f501575

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-3927

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3927

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3927

EUVD