Описание
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins.
Ссылки
- Product
- Third Party Advisory
Уязвимые конфигурации
EPSS
6.3 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins.
EPSS
6.3 Medium
CVSS3
4.3 Medium
CVSS3