CVE-2025-69300
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| premium_addons | premium_addons_for_elementor | to 4.11.63 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the Leap13 Premium Addons for Elementor plugin. It allows attackers to exploit incorrectly configured access control security levels, potentially gaining unauthorized access or performing actions they should not be allowed to within the affected versions of the plugin (up to version 4.11.63).
How can this vulnerability impact me? :
The impact of this vulnerability could include unauthorized access to restricted features or data within the Elementor plugin, leading to potential data exposure, unauthorized changes, or other security breaches depending on the plugin's functionality and the level of access gained by an attacker.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying if the installed version of the Premium Addons for Elementor plugin is version 4.11.63 or earlier, as these versions are vulnerable. You can check the plugin version in your WordPress installation by running the command: wp plugin list --status=active | grep premium-addons-for-elementor. Additionally, monitoring for unauthorized settings changes by users with Subscriber or Developer privileges may indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Premium Addons for Elementor plugin to version 4.11.64 or later, where the vulnerability is fixed. Using automated update options provided by Patchstack can facilitate rapid patching. Restricting access privileges to trusted users and monitoring for unauthorized settings changes can also help reduce risk. [1]