ByteOS Network

NVD Vulnerability Details :

CVE-2024-3927

Awaiting Analysis

Source-security@wordfence.com

Published At-22 May, 2024 | 07:15

Updated At-22 May, 2024 | 12:46

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Hyperlink	Source	Resource
https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/contact-form/module.php#L102	security@wordfence.com	N/A
https://plugins.trac.wordpress.org/changeset/3089154	security@wordfence.com	N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/3a703fc4-6c61-442e-a637-515e9f501575?source=cve	security@wordfence.com	N/A

Hyperlink: https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/contact-form/module.php#L102

Source: security@wordfence.com

Resource: N/A

Hyperlink: https://plugins.trac.wordpress.org/changeset/3089154

Source: security@wordfence.com

Resource: N/A

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/3a703fc4-6c61-442e-a637-515e9f501575?source=cve

Source: security@wordfence.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History