What the vulnerability does
01Description
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
Explanation of Vulnerability in Simple Terms
02Summary
Elementor Website Builder versions up to 3.35.5 contain an authorization flaw that allows high-privilege users to make limited modifications to site content. The vulnerability requires administrator-level access and does not affect data confidentiality or availability. Sites should update to a version newer than 3.35.5 to remediate this issue.
What an attacker can do
03Attacker Capabilities
A high-privilege user can make limited unauthorized modifications to site content.
Potential impact on your site
04Site Impact
Administrators with malicious intent or compromised admin accounts can alter site content in ways not intended by site policy.
Conditions required to exploit
05Prerequisites
Attacker must have administrator-level access to the WordPress site.
Key dates
06Disclosure timeline
March 13, 2026
CVE published
April 29, 2026
Record updated