WordPress Plugin Vulnerabilities

Image Hover Effects – Elementor Addon <= 1.4.4 - Missing Authorization

Description

The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
image-hover-effects-addon-for-elementor
No known fix

References

CVE
CVE-2025-57939
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7c9b9ab3-ecfa-49d0-820f-4edb5abae9ee

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
ch4r0n
Verified
No
WPVDB ID
e103c1f4-4c78-4a5c-af3d-4c95b1c39777

Timeline

Publicly Published
2025-09-22 (about 8 months ago)
Added
2025-09-26 (about 7 months ago)
Last Updated
2025-09-26 (about 7 months ago)

Other

Published
Title
Published
2026-03-18
Title
Fraud Prevention For WooCommerce and EDD < 2.3.4 - Missing Authorization to Unauthenticated Arbitrary Content Deletion
Published
2025-11-03
Title
DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update
Published
2026-01-13
Title
Solace < 2.1.17 - Missing Authorization
Published
2025-12-04
Title
WooCommerce Payment Gateway – Paysera < 3.11.0 - Missing Authorization
Published
2026-02-16
Title
leadlovers forms <= 1.0.2 - Missing Authorization