WordPress Plugin Vulnerabilities

Stratum Widgets for Elementor < 1.6.2 - Missing Authorization

Description

The Stratum Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
stratum
Fixed in 1.6.2

References

CVE
CVE-2025-69013
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1898b09-695a-4767-9047-b0343e18a62e

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
benzdeus
Verified
No
WPVDB ID
2a1c1ac3-2a6d-429b-aff4-93291dfeaa69

Timeline

Publicly Published
2025-12-27 (about 4 months ago)
Added
2026-01-06 (about 4 months ago)
Last Updated
2026-01-06 (about 4 months ago)

Other

Published
Title
Published
2025-02-12
Title
Pallet Packaging for WooCommerce < 1.1.16 - Missing Authorization
Published
2026-02-09
Title
Construction Landing Page < 1.4.2 - Missing Authorization
Published
2025-09-03
Title
Ai Engine < 2.9.6 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion
Published
2025-10-04
Title
TS Demo Importer <= 0.1.2 - Missing Authorization
Published
2026-02-18
Title
CTX Feed – WooCommerce Product Feed Manager < 6.6.12 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation