The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-06-13T03:15:53.053
2025-07-10T00:38:09.650
Analyzed
CVSSv3.1: 5.3 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | themebon | digital_marketing_and_agency_templates_addons_for_elementor | ≤ 1.1.1 | Yes |