CVE-2021-4445
Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites.
| CWE | CWE-862 |
| Vendor | leap13 |
| Product | premium addons for elementor – powerful elementor templates & widgets |
| Published | Oct 16, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for leap13 premium addons for elementor – powerful elementor templates & widgets
Be the first to know when new medium vulnerabilities affecting leap13 premium addons for elementor – powerful elementor templates & widgets are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
leap13 / Premium Addons for Elementor – Powerful Elementor Templates & Widgets
0 ≤ 4.5.1
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/cffb26bc-3d3f-4593-bb36-d2abcd67861e?source=cve ithemes.com: https://ithemes.com/blog/wordpress-vulnerability-report-september-2021-part-2/#ib-toc-anchor-2 wpscan.com: https://wpscan.com/vulnerability/2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c wordpress.org: https://wordpress.org/plugins/premium-addons-for-elementor/ plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2590819%40premium-addons-for-elementor&new=2590819%40premium-addons-for-elementor&sfp_email=&sfph_mail=
Credits
WPScanTeam