The Essential Addons for Elementor plugin for WordPress...
Moderate severity
Unreviewed
Published
Oct 16, 2024
to the GitHub Advisory Database
•
Updated Oct 16, 2024
Description
Published by the National Vulnerability Database
Oct 16, 2024
Published to the GitHub Advisory Database
Oct 16, 2024
Last updated
Oct 16, 2024
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins.
References