CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-4446

MEDIUM
6.3
CVSS Severity Score
EPSS Score0.0880%
EPSS Percentile31.49th
Published2024年10月16日
Last Modified2025年1月10日

Vulnerability Description

The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins.

Affected Platforms (CPE)

📦
Wpdeveloper

Essential Addons For Elementor

< 4.6.5

References & Advisories

🔗 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=
🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/283fb581-8b61-4008-a5c4-2e1490fab33e?source=cve

相關漏洞威脅

CVE-2021-44478.8

The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6...

CVE-2021-242555.4

The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scr...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...