Impact
An unauthenticated Broken Authentication flaw in the PowerPack Pro for Elementor WordPress plugin allows a remote actor to bypass normal login procedures and gain privileged access to the WordPress site. The vulnerability is classified as CWE‑288, meaning that authentication controls are insufficient or incorrectly implemented. Once accessed, an attacker could edit or delete content, install additional malicious plugins, or otherwise take complete control of the site, affecting confidentiality, integrity, and availability of the hosted information.
Affected Systems
The defect is present in all installations of PowerPack Pro for Elementor plugin version numbers lower than 2.13.0 released by Powerpackelements. No specific operating system, WordPress core version, or server environment restrictions are listed, so any WordPress site that has a vulnerable plugin version is at risk.
Risk and Exploitability
The CVSS base score of 8.8 reflects a high severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, which suggests no documented exploits yet. However, because the flaw allows unauthenticated access and is reachable through the web interface, the likely attack vector is remote via HTTP or HTTPS. This combination of high impact potential and ease of exploitation makes the vulnerability a top priority for site owners.
OpenCVE Enrichment