3 matches found
WordPress Ultimate Addons for Elementor - Lite plugin <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability
WordPress Ultimate Addons for Elementor - Lite plugin = 2.4.6 - Missing Authorization to Authenticated Subscriber+ Limited Settings Update vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 2.4.6...
CVE-2025-8488 Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...
CVE-2025-8488
CVE-2025-8488 affects Ultimate Addons for Elementor (formerly Elementor Header & Footer Builder) for WordPress, with versions up to 2.4.6 vulnerable due to a missing capability check in the save_hfe_compatibility_option_callback() function. This enables authenticated attackers with Subscriber-lev...