Authorization Bypass Vulnerability in Elementor Essential Addons
CVE-2021-4446
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 16 October 2024
What is CVE-2021-4446?
The Essential Addons for Elementor plugin for WordPress has a vulnerability that allows authenticated users, even those with minimal permissions such as a subscriber, to bypass authorization checks. This issue arises from missing capability checks and nonce disclosure, enabling unauthorized actions such as changing plugin settings and installing arbitrary plugins. Affected versions include those up to and including 4.6.4, highlighting the importance of maintaining up-to-date plugins to mitigate security risks.
Affected Version(s)
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders * <= 4.6.4