The vulnerability in the Vertex Addons for Elementor plugin is a missing authorization flaw that permits an attacker who can reach the plugin’s administrative controls to perform privileged actions without the necessary role checks. This broken access control can enable tampering with plugin settings, adding or removing elements, or otherwise altering site content, thereby compromising the integrity of the website. The weakness is identified as CWE-862, Missing Authorization.

All installations of the Vertex Addons for Elementor plugin distributed by Webilia Inc. where the version is n/a through 1.6.4 are affected. Sites should verify the installed version and consider upgrading to a release newer than 1.6.4 once available.

The CVSS score of 6.5 categorizes the flaw as moderate severity, and the EPSS score of less than 1% indicates a low current likelihood of exploitation. Based on the description, the most likely attack vector involves web requests to the plugin’s administrative endpoints; an attacker would need to be authenticated as a user with sufficient privileges or exploit an exposed management page to gain the necessary access. The vulnerability is not listed in the CISA KEV catalog, suggesting no widely reported exploitation yet, but the potential for unauthorized site modification warrants prompt action.