WordPress Plugin Vulnerabilities

Ultimate Store Kit Elementor Addons < 2.9.5 - Missing Authorization

Description

The Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Fixed in 2.9.5

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Phat RiO - BlueRock
Verified
No

Timeline

Publicly Published
2025-12-30 (about 6 months ago)
Added
2026-01-14 (about 5 months ago)
Last Updated
2026-01-14 (about 5 months ago)

Other