Medium severity5.3NVD Advisory· Published May 22, 2024· Updated Apr 8, 2026

CVE-2024-3927

Description

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.

Affected products

Bdthemes/Element Pack
cpe:2.3:a:bdthemes:element_pack:*:*:*:*:lite:wordpress:*:*
Range: <5.6.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3089154nvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/3a703fc4-6c61-442e-a637-515e9f501575nvdThird Party Advisory
plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/contact-form/module.phpnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000