Sastra Addons for Elementor Missing Authorization Vulnerability in WordPress
Vulnerability
The Spexo Addons for Elementor plugin (Free Elementor Addons, Widgets and Templates), in version 1.0.14 and prior, lacks a proper capability check in the 'tmpcoder_theme_install_func()' function. As a result, authenticated attackers with Subscriber-level access or higher can install themes without authorization.
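The kind of check whose absence is described above, as an added example that is not the plugin's code: a hypothetical AJAX theme-install handler that verifies the caller's capability before doing any work. The action name `example_theme_install`, the handler name and the `nonce` and `slug` request fields are assumptions; the WordPress functions called are core APIs.

```php
<?php
// Added example: hypothetical handler and action name, not the plugin's code.

// wp_ajax_{action} hooks fire for every logged-in user, Subscribers included,
// so registering the hook grants no authorization by itself.
add_action( 'wp_ajax_example_theme_install', 'example_theme_install_handler' );

function example_theme_install_handler() {
	// 1. CSRF: reject requests without a valid nonce for this action.
	//    Passing false returns the result so the handler controls the response.
	if ( ! check_ajax_referer( 'example_theme_install', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
	}

	// 2. Authorization: a nonce is not a permission check. Only roles holding
	//    install_themes (Administrator on a default single site) may continue.
	if ( ! current_user_can( 'install_themes' ) ) {
		wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
	}

	// 3. Input: accept a theme slug only, never a caller-supplied URL.
	$slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
	if ( '' === $slug ) {
		wp_send_json_error( array( 'message' => 'Missing theme slug.' ), 400 );
	}

	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
	require_once ABSPATH . 'wp-admin/includes/theme.php';

	// Resolve the slug through the theme directory API to get the package URL.
	$api = themes_api( 'theme_information', array( 'slug' => $slug ) );
	if ( is_wp_error( $api ) ) {
		wp_send_json_error( array( 'message' => $api->get_error_message() ), 400 );
	}

	$upgrader = new Theme_Upgrader( new WP_Ajax_Upgrader_Skin() );
	$result   = $upgrader->install( $api->download_link );
	if ( true !== $result ) {
		wp_send_json_error( array( 'message' => 'Install failed.' ), 500 );
	}

	wp_send_json_success( array( 'slug' => $slug ) );
}
```

Each `wp_send_json_error()` call ends the request, so nothing after a failed check runs.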
Impact
Exploitation of this vulnerability allows unauthorized theme installation by authenticated users with Subscriber-level access or above.
Remediation
Users are advised to update the Spexo Addons for Elementor plugin to version 1.0.15 or later.
