Powerpack Addons For Elementor
CVE-2023-49739
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23.
AnalysisAI
Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.9.23. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.9.23. Affected products include: Ideabox Powerpack Addons For Elementor. Version information: through 2.9.23..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The “Elementor Addons - PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and in
Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.10.8. Rate
A Stored Cross-Site Scripting (XSS) vulnerability exists in PowerPack Addons for Elementor (powerpack-lite-for-elementor
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Ba
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Twe
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag*
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today