What the vulnerability does
01Description
Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
Explanation of Vulnerability in Simple Terms
Element Pack Pro versions before 8.0.0 lack proper authorization checks on certain functions. A logged-in user with low privileges can read or modify data they should not have access to. The vulnerability requires valid site credentials but no special interaction. Update to version 8.0.0 or later to fix the issue.
What an attacker can do
Read or modify data without proper authorization as a low-privilege logged-in user.
Potential impact on your site
Logged-in users can access or change content and settings beyond their intended permissions.
Conditions required to exploit
Attacker must have a valid low-privilege account on the site.
Key dates
External resources