Description
Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.1.
Published: 2025-01-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in ElementInvader Addons for Elementor enables users with insufficient privileges to manipulate plugin functions that should be restricted, effectively bypassing the intended access controls. The vulnerability stems from missing authorization checks and is classified as CWE‑862. Consequently, an attacker who can authenticate to the WordPress site may gain the ability to modify or delete content delivered by the plugin, potentially undermining confidentiality and integrity of site data.

Affected Systems

WordPress sites running ElementInvader Addons for Elementor plugins through version 1.3.1 are impacted. The affected product, managed by Element Invader, includes all releases up to and including 1.3.1 on the WordPress platform.

Risk and Exploitability

The CVSS score of 4.3 indicates a low‑to‑medium severity, and the EPSS score of less than 1% shows a very low probability of exploitation at this time. The vulnerability is not yet listed in the CISA KEV catalog. Exploitation would likely occur via the web interface of a logged‑in WordPress account and does not provide remote code execution. Nonetheless, the lack of proper controls could allow an attacker to elevate privileges within the plugin’s scope.

Generated by OpenCVE AI on May 1, 2026 at 18:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the plugin to version 1.3.2 or later to eliminate the access‑control issue.
  • If an update is not immediately available, remove or deactivate the plugin to prevent unauthorized interaction.
  • Revoke or restrict lower‑privilege roles from accessing the plugin’s configuration and content editing features, ensuring that only trusted administrators retain those capabilities.

Generated by OpenCVE AI on May 1, 2026 at 18:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3822 Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.1.
First Time appeared Elementinvader
Elementinvader elementinvader Addons For Elementor
CPEs cpe:2.3:a:elementinvader:elementinvader_addons_for_elementor:*:*:*:*:*:wordpress:*:*
Vendors & Products Elementinvader
Elementinvader elementinvader Addons For Elementor
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 24 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 24 Jan 2025 17:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.
Title WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Elementinvader Elementinvader Addons For Elementor
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:30.421Z

Reserved: 2025-01-23T14:51:18.436Z

Link: CVE-2025-24618

cve-icon Vulnrichment

Updated: 2025-01-24T18:47:13.086Z

cve-icon NVD

Status : Modified

Published: 2025-01-24T18:15:37.430

Modified: 2026-04-23T15:25:08.617

Link: CVE-2025-24618

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T19:00:08Z

Weaknesses