What the vulnerability does
01Description
Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.1.
Explanation of Vulnerability in Simple Terms
02Summary
ElementInvader Addons for Elementor versions 1.4.1 and earlier lack proper authorization checks on certain functions. A logged-in user with low privileges can read or modify data they should not have access to. Update to a version newer than 1.4.1 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Read or modify data without proper authorization as a low-privilege logged-in user.
Potential impact on your site
04Site Impact
Unauthorized users can access or alter sensitive site data, compromising content integrity and confidentiality.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account on the site and network access to the Elementor installation.
Key dates
06Disclosure timeline
February 3, 2026
CVE published
April 28, 2026
Record updated