Authorization Bypass Vulnerability in Elementor Essential Addons

CVE-2021-4446

What is CVE-2021-4446?

The Essential Addons for Elementor plugin for WordPress has a vulnerability that allows authenticated users, even those with minimal permissions such as a subscriber, to bypass authorization checks. This issue arises from missing capability checks and nonce disclosure, enabling unauthorized actions such as changing plugin settings and installing arbitrary plugins. Affected versions include those up to and including 4.6.4, highlighting the importance of maintaining up-to-date plugins to mitigate security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References