The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
Thu, 10 Jul 2025 01:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Themebon
Themebon digital Marketing And Agency Templates Addons For Elementor |
|
CPEs | cpe:2.3:a:themebon:digital_marketing_and_agency_templates_addons_for_elementor:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Themebon
Themebon digital Marketing And Agency Templates Addons For Elementor |
Fri, 13 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 13 Jun 2025 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |
Title | Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import | |
Weaknesses | CWE-352 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published: 2025-06-13T01:47:50.908Z
Updated: 2025-06-13T15:29:43.697Z
Reserved: 2025-06-09T15:48:30.406Z
Link: CVE-2025-5938

Updated: 2025-06-13T15:29:37.672Z

Status : Analyzed
Published: 2025-06-13T03:15:53.053
Modified: 2025-07-10T00:38:09.650
Link: CVE-2025-5938

No data.