EUVD-2026-32545
GHSA-4fvr-xj2h-j282
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6.
AnalysisAI
Missing authorization in ElementsKit Elementor addons Lite (WordPress plugin by Wpmet) through version 3.9.6 allows unauthenticated remote attackers to exploit incorrectly configured access control, resulting in limited unauthorized read access to protected data or functionality. The CVSS vector confirms network-based, zero-interaction exploitation with no authentication required, and SSVC classifies it as automatable - meaning attackers can scan and exploit at scale without manual intervention. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today