WordPress Plugin Vulnerabilities

Premium Addons for Elementor < 4.10.57 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
premium-addons-for-elementor
Fixed in 4.10.57

References

CVE
CVE-2024-56225
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/575a648a-6bf0-42d9-964e-59800e856bd0

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
c0f7d868-7873-4b29-826a-444d6223a2b4

Timeline

Publicly Published
2024-12-19 (about 1 year ago)
Added
2025-01-13 (about 1 year ago)
Last Updated
2025-01-13 (about 1 year ago)

Other

Published
Title
Published
2026-01-19
Title
SEO Booster <= 6.1.8 - Missing Authorization
Published
2026-02-23
Title
DesignThemes Directory Addon <= 1.8 - Missing Authorization
Published
2025-11-17
Title
Restrictions for BuddyPress < 1.5.3 - Missing Authorization to Unauthenticated Tracking Status Update
Published
2026-05-12
Title
MonsterInsights < 10.1.3 - Subscriber+ Sensitive Information Exposure and Plugin Integration Reset
Published
2026-03-03
Title
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder < 1.6.1 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()