CVE-2021-4447: Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation
First published: Wed Oct 16 2024(Updated: )
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpdeveloper Essential Addons For Elementor | <4.6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.wordfence.com/threat-intel/vulnerabilities/id/be098ee9-b749-4908-85e8-e717d019609a?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- vendor/wpdeveloper
- canonical/wpdeveloper essential addons for elementor