Description
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.
Published: 2025-10-31
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in WPDeveloper Essential Addons for Elementor Lite, allowing an attacker to bypass normal access controls. Classified as CWE-862, it permits exploitation of incorrectly configured security levels within the plugin, potentially giving unauthorized users elevated access to plugin features or data associated with the WordPress site.

Affected Systems

All installations of WPDeveloper Essential Addons for Elementor Lite up to and including version 6.2.4 are affected. The vulnerability applies to the core plugin code distributed under the Lite license for WordPress.

Risk and Exploitability

Listed with a CVSS score of 2.7, the vulnerability is assessed as low severity. The EPSS score of less than 1% indicates a very low probability of being exploited in the wild. It is not included in the CISA KEV catalog. The attack vector is not clearly defined in the advisory; it likely involves accessing the plugin’s configuration interface or API endpoints that lack proper authorization checks. Exact requirements for exploitation are not specified in the available data.

Generated by OpenCVE AI on April 29, 2026 at 20:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Essential Addons for Elementor Lite to a version newer than 6.2.4 that contains the access‑control fix.
  • Limit access to the plugin’s configuration pages and settings so that only users with administrative roles can modify them.
  • If a patch is not immediately available, disable or remove the plugin to prevent potential exploitation until an update can be applied.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'}
Values Added: cvssV3_1 {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}


Thu, 29 Jan 2026 15:30:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:lite:wordpress:*:*

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Mon, 03 Nov 2025 10:45:00 +0000

Type: First Time appeared
Values Added: Wordpress; Wordpress wordpress; Wpdeveloper; Wpdeveloper essential Addons For Elementor

Type: Vendors & Products
Values Added: Wordpress; Wordpress wordpress; Wpdeveloper; Wpdeveloper essential Addons For Elementor

Fri, 31 Oct 2025 19:15:00 +0000

Type: Metrics
Values Added:
cvssV3_1 {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 31 Oct 2025 11:45:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.

Type: Title
Values Added: WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:14.117Z

Reserved: 2025-10-31T11:23:06.889Z

Link: CVE-2025-64352

Vulnrichment

Updated: 2025-10-31T18:55:50.862Z

NVD

Status: Modified

Published: 2025-10-31T12:15:35.527

Modified: 2026-04-27T16:16:40.690

Link: CVE-2025-64352

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T20:30:19Z

Weaknesses