RT Easy Builder – Advanced addons for Elementor < 2.1 – Missing Authorization | CVE 2024-30484 | Plugin Vulnerabilities

Description

The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the ajax_activate_plugins() function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate plugins.

Affects Plugins

rt-easy-builder-advanced-addons-for-elementor

Fixed in 2.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/6defd072-0203-471a-96cf-579a9eebcd9f

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Friday

Verified

No

WPVDB ID

11c93a7d-319c-4090-afb0-7b127f2998dd

Timeline

Publicly Published

2024-03-28 (about 2 years ago)

Added

2024-04-03 (about 2 years ago)

Last Updated

2024-04-03 (about 2 years ago)

Other

Published

Title

Published

2025-11-03

Title

Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Post Creation

Published

2025-11-17

Title

Restrictions for BuddyPress < 1.5.3 - Missing Authorization to Unauthenticated Tracking Status Update

Published

2023-11-28

Title

IdeaPush < 8.58 - Subscriber+ Memory Tab/Routine/Taxonomy Creation

Published

2024-04-19

Title

MaxGalleria < 6.4.3 - Missing Authorization

Published

2025-03-31

Title

SP Blog Designer <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution