Description
Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.
Published: 2026-01-06
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Patch Now
AI Analysis

Impact

The vulnerability arises from missing authorization checks, allowing attackers to exploit incorrectly configured access control security levels and gain unauthorized access to plugin features. This Broken Access Control flaw (CWE‑862) lets a malicious actor view, modify, or delete Elementor content, thereby compromising the confidentiality, integrity, and availability of the site.

Affected Systems

WordPress users running any version of the Responsive Addons for Elementor plugin up to version 2.0.8, released by CyberChimps, are affected. The issue exists from the earliest available release through 2.0.8, so all installations of those versions are vulnerable unless updated.

Risk and Exploitability

With a CVSS score of 6.5, the flaw presents a moderate severity risk. The EPSS score of less than 1% indicates a low likelihood of being actively exploited. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation currently. The attack likely requires the attacker to have some access to the WordPress administrative interface or to craft requests that bypass normal permission checks, but the absence of a high exploitation probability moderates urgency.

Generated by OpenCVE AI on April 27, 2026 at 21:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Responsive Addons for Elementor plugin to the latest available release to eliminate the missing authorization checks.
  • If an update is not immediately available, restrict the plugin’s administrative pages to users with the Editor or Administrator role using a role‑management or security plugin, and review the plugin’s settings to enforce proper access controls.
  • Conduct a plugin audit to ensure no residual permissions allow unauthorized users to access or modify Elementor content used by the plugin, and adjust file and settings permissions accordingly.


Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 15 Jan 2026 22:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 Jan 2026 10:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Cyberchimps; Cyberchimps responsive Addons For Elementor; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Cyberchimps; Cyberchimps responsive Addons For Elementor; Wordpress; Wordpress wordpress

Tue, 06 Jan 2026 16:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.

Type: Title
Values Removed: (none)
Values Added: WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:38.764Z

Reserved: 2025-12-31T20:12:41.875Z

Link: CVE-2025-69363

Vulnrichment

Updated: 2026-01-15T21:35:49.128Z

NVD

Status: Deferred

Published: 2026-01-06T17:15:48.903

Modified: 2026-04-27T21:16:25.303

Link: CVE-2025-69363

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T22:00:16Z

Weaknesses