What the vulnerability does
01Description
Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5.
Explanation of Vulnerability in Simple Terms
02Summary
Animation Addons for Elementor versions up to 2.4.5 lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can change animations and related settings on pages or posts beyond their assigned permissions. This affects sites where multiple user roles are in use and content isolation is expected.
What an attacker can do
03Attacker Capabilities
Modify animations and settings on pages or posts they lack permission to edit.
Potential impact on your site
04Site Impact
Unauthorized users can alter page animations and appearance, potentially defacing content or disrupting site design.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site (e.g., contributor or subscriber).
Key dates
06Disclosure timeline
December 9, 2025
CVE published
April 28, 2026
Record updated