Authorization Bypass Vulnerability in Elementor Essential Addons
CVE-2021-4446

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Essential Addons For Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Vendor: CVE Published:; 16 October 2024

Summary

The Essential Addons for Elementor plugin for WordPress has a vulnerability that allows authenticated users, even those with minimal permissions such as a subscriber, to bypass authorization checks. This issue arises from missing capability checks and nonce disclosure, enabling unauthorized actions such as changing plugin settings and installing arbitrary plugins. Affected versions include those up to and including 4.6.4, highlighting the importance of maintaining up-to-date plugins to mitigate security risks.

Affected Version(s)

Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders * <= 4.6.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2024
Vulnerability Reserved
Oct 15, 2024

Credit

Chloe Chamberland