CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_hfe_compatibility_option_callback ()function in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the compatibility option setting.
Explanation of Vulnerability in Simple Terms
Ultimate Addons for Elementor versions up to 2.4.6 lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can alter site data without proper permission validation. Update to a version newer than 2.4.6 to resolve this issue.
What an attacker can do
Modify site content or settings without proper authorization.
Potential impact on your site
Unauthorized users can alter your site's content, pages, or settings through the plugin.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities
