WordPress Plugin Vulnerabilities

Elementor Page Builder < 2.9.6 - Authenticated Safe Mode Privilege Escalation

Description

The Elementor WordPress plugin could allow an authenticated user to enable Safe Mode. This could allow the user to then disable plugins, which could include security plugins, which would weaken the overall security of the site.

Affects Plugins

Plugin icon
elementor
Fixed in 2.9.6

References

CVE
CVE-2020-20634
URL
https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-safe-mode-privilege-escalation-vulnerability/
URL
https://github.com/elementor/elementor/commit/2204e9ecb02a764e4e4fed49f28d8af7534b9392

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
NinTechNet
Verified
No
WPVDB ID
7120f212-0c04-4c41-b6a8-32a380c0c25d

Timeline

Publicly Published
2020-03-31 (about 5 years ago)
Added
2020-03-31 (about 5 years ago)
Last Updated
2020-08-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-14
Title
Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.72 - Unauthenticated Arbitrary Plugin Installation
Published
2025-08-22
Title
Simpler Checkout 0.7.0 - 1.1.9 - Authentication Bypass
Published
2026-03-12
Title
RegistrationMagic < 6.0.7.2 - Authentication Bypass
Published
2024-08-16
Title
Login As Users < 1.4.3 - Authentication Bypass
Published
2025-10-15
Title
Ace User Management <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest