Impact
The vulnerability is an unauthenticated Broken Access Control flaw in Essential Addons for Elementor, identified as CWE-862. Based on the description, it is inferred that an attacker without valid credentials could use crafted requests or URLs to reach plugin management endpoints that normally require administrative privileges. This could allow the attacker to view, modify, or delete plugin settings and content that should be restricted to authorized administrators.
Affected Systems
The affected product is WPDeveloper's Essential Addons for Elementor plugin. Versions earlier than 6.6.0 are vulnerable. Any WordPress site that has installed an older plugin version is potentially at risk.
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate severity level. An EPSS score of < 1% suggests that the probability of exploitation is very low, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, exploitation is theoretically straightforward via unauthenticated crafted requests, giving an attacker unauthorized administrative capabilities if the site remains on a vulnerable plugin version.
OpenCVE Enrichment