Vertex Addons For Elementor

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-4326 HIGH This Week

Missing authorization bypass in Vertex Addons for Elementor (WordPress plugin, all versions ≤1.6.4) allows authenticated attackers with Subscriber-level privileges to install and activate arbitrary WordPress plugins. The activate_required_plugins() function checks current_user_can('install_plugins') capability but fails to halt execution on denial, permitting installation/activation to proceed before error response is sent. CVSS 8.8 (High) reflects authenticated (PR:L) network attack enabling high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.

WordPress PHP Privilege Escalation Vertex Addons For Elementor
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4326
EPSS 0% CVSS 8.8
HIGH This Week

Missing authorization bypass in Vertex Addons for Elementor (WordPress plugin, all versions ≤1.6.4) allows authenticated attackers with Subscriber-level privileges to install and activate arbitrary WordPress plugins. The activate_required_plugins() function checks current_user_can('install_plugins') capability but fails to halt execution on denial, permitting installation/activation to proceed before error response is sent. CVSS 8.8 (High) reflects authenticated (PR:L) network attack enabling high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.

WordPress PHP Privilege Escalation +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy