This vulnerability is a CWE-352 Cross-Site Request Forgery affecting PowerPack Pro for Elementor versions prior to 2.10.8. CSRF vulnerabilities enable attackers to trick authenticated users into submitting unauthorized requests, potentially causing unintended changes or disruptions. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and high availability impact. No patch links or vendor advisories are currently available to confirm remediation status.

The vulnerability can be exploited remotely without privileges but requires user interaction. It does not compromise confidentiality but can affect the integrity and availability of the affected application. This could result in unauthorized actions being performed on behalf of legitimate users, potentially disrupting service or altering data.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider implementing CSRF protections such as verifying anti-CSRF tokens or restricting actions to trusted users. Monitor vendor channels for updates and apply patches promptly once available.