Responsive Addons for Elementor < 2.0.9 – Missing Authorization | CVE 2025-69363 | Plugin Vulnerabilities

Description

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

responsive-addons-for-elementor

Fixed in 2.0.9

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/ee9b78d6-da16-4668-a118-61cd3adbab58

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abu Hurayra (HurayraIIT)

Verified

No

WPVDB ID

65662da3-2739-44dd-8320-791e7ec31dde

Timeline

Publicly Published

2026-01-12 (about 4 months ago)

Added

2026-01-19 (about 4 months ago)

Last Updated

2026-01-19 (about 4 months ago)

Other

Published

Title

Published

2024-08-12

Title

Icegram < 3.1.25 - Missing Authorization

Published

2025-06-18

Title

GiveWP – Donation Plugin and Fundraising Platform < 4.3.1 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification

Published

2023-05-05

Title

WP Job Portal < 2.0.2 - Unauthenticated Settings Update

Published

2026-03-01

Title

Accept PayPal Payments using Contact Form 7 <= 4.0.5 - Missing Authorization

Published

2026-02-11

Title

FullCalendar <= 1.6 - Missing Authorization