WordPress Plugin Vulnerabilities

WPKoi Templates for Elementor < 3.4.5 - Missing Authorization

Description

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
wpkoi-templates-for-elementor
Fixed in 3.4.5

References

CVE
CVE-2025-64274
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3a75a005-cf56-4841-a11b-318011d80fe6

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
benzdeus
Verified
No
WPVDB ID
161f230f-d3da-4a5e-8f99-4458cacc2f8a

Timeline

Publicly Published
2025-12-06 (about 5 months ago)
Added
2025-12-11 (about 5 months ago)
Last Updated
2025-12-11 (about 5 months ago)

Other

Published
Title
Published
2023-11-14
Title
Events Addon for Elementor < 2.1.3 - Missing Authorization
Published
2022-12-14
Title
Mega Addons For WPBakery Page Builder <= 4.3.0 - Subscriber+ Settings Update
Published
2025-01-30
Title
Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update
Published
2026-02-17
Title
Compress < 6.60.29 - Missing Authorization
Published
2025-01-24
Title
RSVPMarker < 11.4.6 - Missing Authorization