Missing Authorization Vulnerability in Elementor Website Builder by Elementor
CVE-2026-32445

2.7LOW

Key Information:

Vendor: WordPress
Status: Elementor Website Builder
Vendor: CVE Published:; 13 March 2026

What is CVE-2026-32445?

A missing authorization vulnerability has been identified in the Elementor Website Builder, impacting versions up to 3.35.5. The issue arises from incorrectly configured access control security levels, which could allow unauthorized access and manipulation of sensitive components. Users of affected versions are strongly advised to review their access control settings and implement patches or upgrades to mitigate potential risks.

Affected Version(s)

Elementor Website Builder 0 <= 3.35.5

References

https://patchstack.com/database/Wordpress/Plugin/elemento...

vdb-entry

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2026
Vulnerability Reserved
Mar 12, 2026

Credit

davidfdzmorilla | Patchstack Bug Bounty Program

CVE-2026-32445 Data

JSON

WordPress

What is CVE-2026-32445?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit