Impact
The Leap13 Disable Elementor Editor Translation plugin lacks an authorization check on its configuration pages, which lets users bypass the intended access control limits and make unwanted modifications to plugin settings. This flaw falls under CWE‑862 (Inadequate Privilege Management). An attacker who can reach the affected pages may alter or delete configuration data, potentially compromising the integrity of the WordPress installation and the sites that rely on this plugin.
Affected Systems
The vulnerability affects all installations of the WordPress plugin Leap13 Disable Elementor Editor Translation version 1.0.2 and earlier. Users running the plugin at or below this version are vulnerable.
Risk and Exploitability
The CVSS score of 4.3 indicates a moderate severity, while the EPSS score of less than 1% suggests that exploitation is currently unlikely. The issue is not listed in CISA KEV, so no widespread, active exploitation is documented. Based on common WordPress plugin behavior, the attack vector is inferred to be through the web interface of the WordPress site; the attacker would need to be able to interact with the plugin’s options page, which typically requires at least a user session and may depend on the site’s role configuration. This inference is necessary because the official description does not specify the exact method of exploiting the access control flaw.