First published: Wed Nov 15 2023(Updated: )
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|Affected Software||Affected Version||How to fix|
|Webtechstreet Elementor Addon Elements||<=1.12.7|
The vulnerability ID for the Elementor Addon Elements plugin is CVE-2023-4689.
The severity of CVE-2023-4689 is medium with a CVSS score of 5.4.
The affected software for CVE-2023-4689 is the Elementor Addon Elements plugin for WordPress up to version 1.12.7.
CVE-2023-4689 is a vulnerability in the Elementor Addon Elements plugin for WordPress that allows unauthenticated attackers to perform Cross-Site Request Forgery attacks due to missing or incorrect nonce validation.
To fix CVE-2023-4689, update the Elementor Addon Elements plugin to version 1.12.8 or higher, which includes the necessary nonce validation.