Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) 2.7.13

  • Severity: medium-risk
  • Status: Fixed
  • Publication: January 2, 2024

The PowerPack Addons for Elementor plugin for WordPress contains a security vulnerability present in all versions up to, and including, 2.7.13. This vulnerability makes it possible for unauthenticated attackers to alter the plugin settings without the website administrator’s knowledge or consent. This is due to a missing or incorrect validation of nonce (a kind of digital signature) in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. To exploit this vulnerability, the attacker must be able to trick a website administrator into clicking on a malicious link.

Detected in:

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) fixed vulnerable versions: >= * <= 2.7.13
PowerPack Elementor Addons (Free Widgets, Extensions and Templates) fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.