【資安通報】Elementor Addon Elements <= 1.12.7

【資安通報】

受影響版本: <= 1.12.7

風險等級(滿分為10分): 5.4

簡述:
容易受到跨網站請求偽造的攻擊。這是由於 eae_save_elements 函數的隨機數驗證缺失或不正確。這使得未經身份驗證的攻擊者可以透過偽造的請求啟用/停用 element 或 addon 元素，他們可以欺騙網站管理員執行點擊連結等操作。

參考資料:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1127-cross-site-request-forgery-1
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/events-addon-for-elementor/events-addon-for-elementor-212-missing-authorization
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1127-missing-authorization-to-sensitive-information-exposure
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1127-authenticated-administrator-stored-cross-site-scripting

#大邵報資安

#WordPress