WordPress Plugin Vulnerabilities

Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update

Description

The plugin does not have any CSRF and authorisation checks in the pa_dismiss_admin_notice AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update arbitrary WordPress options and set them to the value '1'. An attacker changing the users_can_register would enable users registration, other options could be changed to make the blog unusable as well.

Proof of Concept

Affects Plugins

Plugin icon
premium-addons-for-elementor
Fixed in 4.5.2

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
7.1 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c

Timeline

Publicly Published
2021-08-30 (about 4 years ago)
Added
2021-08-30 (about 4 years ago)
Last Updated
2021-08-30 (about 4 years ago)

Other

Published
Title
Published
2021-10-05
Title
Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
Published
2021-10-26
Title
Bulk Datetime Change < 1.12 - Missing Authorisation
Published
2021-04-14
Title
BuddyPress < 7.3.0 - Multiple Authenticated REST API Vulnerabilities
Published
2021-01-22
Title
Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure
Published
2025-09-29
Title
SmartCrawl SEO checker, analyzer & optimizer < 3.14.4 - Missing Authorization to Plugin Settings Update