CVE-2025-63079
Deferred Deferred - Pending Action
Contributor Broken Access Control in Live Copy Paste for Elementor

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2025-63079
EUVD
EUVD-2025-210353
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack live_copy_paste_for_elementor to 1.5.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability is a Broken Access Control issue that allows unprivileged users to perform higher-privileged actions due to missing authorization, authentication, or nonce token checks.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, broken access control vulnerabilities can potentially lead to unauthorized access to sensitive data, which may impact compliance with data protection regulations.

However, given the low severity score (CVSS 4.3) and no evidence of active exploitation, the immediate risk to compliance may be limited but should not be ignored.

Users are advised to update the plugin or seek assistance to mitigate any potential compliance risks.

Executive Summary

The vulnerability in the WordPress Live Copy Paste for Elementor Plugin (versions 1.5.3 and below) is a Broken Access Control issue. It allows unprivileged users to perform actions that normally require higher privileges because of missing authorization, authentication, or nonce token checks.

This means that users without proper permissions can bypass security controls and potentially manipulate or access features they should not be able to.

Impact Analysis

This vulnerability can impact you by allowing users with low privileges to perform higher-privileged actions within the plugin, potentially leading to unauthorized changes or access.

Although the severity is considered low (CVSS score 4.3) and there is no evidence of active exploitation, the risk remains that unauthorized users could misuse the plugin's functionality.

Users are advised to update the plugin immediately or seek assistance from their hosting provider or developer to mitigate this risk.

Detection Guidance

The vulnerability affects the WordPress Live Copy Paste for Elementor Plugin versions 1.5.3 and below, involving broken access control that allows unprivileged users to perform higher-privileged actions.

There is no specific detection method or commands provided in the available information to identify this vulnerability on your network or system.

Mitigation Strategies

Since there is no official patch available for this vulnerability as of the report date, the recommended immediate step is to update the plugin to a non-vulnerable version once it becomes available.

In the meantime, users are advised to seek assistance from their hosting provider or developer to implement any possible mitigations or workarounds.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63079. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart