VYPR
Medium severity5.3NVD Advisory· Published May 22, 2024· Updated Apr 8, 2026

CVE-2024-3927

CVE-2024-3927

Description

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:bdthemes:element_pack:*:*:*:*:lite:wordpress:*:*+ 1 more
    • cpe:2.3:a:bdthemes:element_pack:*:*:*:*:lite:wordpress:*:*range: <5.6.4
    • (no CPE)range: <=5.6.3
  • WordPress/Element Packwp-canonicalize

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.