CVE-2026-24605
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.
AnalysisAI
Inadequate access control in X Addons for Elementor up to version 1.0.23 permits authenticated users to bypass authorization checks and access restricted functionality. An attacker with valid credentials can exploit misconfigured security levels to gain unauthorized access to sensitive features or data. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects pencilwp X Addons for Elementor x-addons-elementor. Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.
Affected ProductsAI
Product: pencilwp X Addons for Elementor x-addons-elementor.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today