WordPress Plugin Vulnerabilities
DethemeKit For Elementor <= 2.1.10 - Missing Authorization
Description
The DethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.1.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
Affects Plugins
References
Classification
Type
NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Que Thanh Tuan - Blue Rock
Verified
No
WPVDB ID
Timeline
Publicly Published
2025-09-22 (about 9 months ago)
Added
2025-09-26 (about 9 months ago)
Last Updated
2025-09-26 (about 9 months ago)