Missing Authorization Vulnerability in Wpmet ElementsKit Elementor Addons Lite
CVE-2026-49052

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Elementskit Elementor Addons Lite
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-49052?

The missing authorization vulnerability in Wpmet ElementsKit Elementor Addons Lite allows attackers to exploit improperly configured access control mechanisms. This flaw enables unauthorized users to gain access to certain features and functionalities that should be restricted. The issue affects all versions up to 3.9.6, highlighting the importance for users to review their implementations and ensure appropriate access controls are in place to mitigate potential exploitation.

Affected Version(s)

ElementsKit Elementor addons Lite <= 3.9.6

References

https://patchstack.com/database/wordpress/plugin/elements...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 27, 2026

Credit

Bonds | Patchstack Bug Bounty Program

CVE-2026-49052 Data

JSON

WordPress

What is CVE-2026-49052?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit