CVE-2024-56225 MEDIUM

CVE-2024-56225: WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability

Vendor Leap13

Product Premium Addons for Elementor

Weakness CWE-862 · Missing authorization

Published December 31, 2024

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through <= 4.10.56.

Key dates

02Disclosure timeline

December 31, 2024 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-56225

Related vulnerabilities

04Related CVE

CVE-2025-68503 WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability CVE-2025-15476 The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting CVE-2025-26372 CVE-2025-62147 WordPress Realbig plugin <= 1.1.3 - Broken Access Control vulnerability