CyberSec.Space Logo
Back to CVE Browser

CVE-2021-4446

MEDIUM
6.3
CVSS Severity Score
EPSS Score0.0880%
EPSS Percentile31.49th
PublishedOct 16, 2024
Last ModifiedJan 10, 2025

Vulnerability Description

The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins.

Affected Platforms (CPE)

📦
Wpdeveloper

Essential Addons For Elementor

< 4.6.5

References & Advisories

🔗 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=
🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/283fb581-8b61-4008-a5c4-2e1490fab33e?source=cve

Related Vulnerabilities

CVE-2021-44478.8

The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6...

CVE-2021-242555.4

The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scr...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...