Access Control Flaw in Leap13 Premium Addons for Elementor
CVE-2024-56225

8.8HIGH

Key Information:

Vendor: WordPress
Status: Premium Addons For Elementor
Vendor: CVE Published:; 31 December 2024

Summary

A missing authorization flaw in Leap13 Premium Addons for Elementor permits users to access functionality that is not adequately constrained by Access Control Lists (ACLs). This vulnerability affects versions from n/a through 4.10.56 of the Premium Addons for Elementor plugin, which may lead to unauthorized access to sensitive features. It is crucial for users to assess their exposure and apply any relevant security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Premium Addons for Elementor <= 4.10.56

References

https://patchstack.com/database/wordpress/plugin/premium-...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 18, 2024

Credit

Rafie Muhammad (Patchstack)