WordPress Plugin Vulnerabilities

Elementor Website Builder < 3.13.2 - Missing Authorization

Description

The plugin does not check user capabilities on several functions, allowing authenticated attackers with a low amount of privilege (such as Subscribers) to perform actions that should only be available to users with higher privileges.

Affects Plugins

Plugin icon
elementor
Fixed in 3.13.2

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
0b68091c-6a05-4f81-a718-6ec139df2e96

Timeline

Publicly Published
2023-05-12 (about 2 years ago)
Added
2023-05-12 (about 2 years ago)
Last Updated
2023-05-12 (about 2 years ago)

Other

Published
Title
Published
2025-08-26
Title
Info Cards < 2.0.0 - Missing Authorization
Published
2025-09-22
Title
All In One SEO Pack < 4.8.7.2 - Missing Authorization
Published
2025-11-04
Title
CoSchedule < 3.4.1 - Missing Authorization
Published
2025-10-30
Title
Accessibility Toolkit by WebYes < 2.0.5 - Missing Authorization
Published
2025-02-03
Title
EAN for WooCommerce < 5.4.0 - Missing Authorization