OpenCVE

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ideabox	Powerpack Addons For Elementor

Configuration 1 [-]

cpe:2.3:a:ideabox:powerpack_addons_for_elementor:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://powerpackelements.com/change-logs/
https://www.wordfence.com/threat-intel/vulnerabilities/id/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-08T04:32:36.859Z

Updated: 2024-08-01T20:20:00.472Z

Reserved: 2024-04-11T18:49:31.263Z

Link: CVE-2024-3668

Vulnrichment

Updated: 2024-08-01T20:20:00.472Z

NVD

Status : Modified

Published: 2024-06-08T05:15:40.040

Modified: 2024-11-21T09:30:08.563

Link: CVE-2024-3668

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3668", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-11T18:49:31.263Z", "datePublished": "2024-06-08T04:32:36.859Z", "dateUpdated": "2024-08-01T20:20:00.472Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-08T04:32:36.859Z"}, "affected": [{"vendor": "PowerPack", "product": "PowerPack Pro for Elementor", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.10.17", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator."}], "title": "PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve"}, {"url": "https://powerpackelements.com/change-logs/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ankit Patel"}], "timeline": [{"time": "2024-06-07T16:16:46.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T18:12:25.598379Z", "id": "CVE-2024-3668", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T18:12:34.757Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.472Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve", "tags": ["x_transferred"]}, {"url": "https://powerpackelements.com/change-logs/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve", "tags": ["x_transferred"]}, {"url": "https://powerpackelements.com/change-logs/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.472Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3668", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T18:12:25.598379Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T18:12:31.835Z"}}], "cna": {"title": "PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Ankit Patel"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "PowerPack", "product": "PowerPack Pro for Elementor", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.10.17"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-07T16:16:46.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve"}, {"url": "https://powerpackelements.com/change-logs/"}], "descriptions": [{"lang": "en", "value": "The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-08T04:32:36.859Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3668", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:20:00.472Z", "dateReserved": "2024-04-11T18:49:31.263Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-08T04:32:36.859Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ideabox:powerpack_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CD84DEA4-9DF8-4DA6-82BB-7E530D9C622D", "versionEndExcluding": "2.10.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator."}, {"lang": "es", "value": "El complemento PowerPack Pro para Elementor para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 2.10.17 incluida. Esto se debe a que el complemento no impide que los usuarios con pocos privilegios establezcan una funci\u00f3n predeterminada para un formulario de registro. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, creen un formulario de registro con el administrador configurado como funci\u00f3n predeterminada y luego se registren como administrador."}], "id": "CVE-2024-3668", "lastModified": "2024-11-21T09:30:08.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-06-08T05:15:40.040", "references": [{"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://powerpackelements.com/change-logs/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://powerpackelements.com/change-logs/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}