Ultimate Addons for Elementor Missing Authorization Vulnerability Allowing Unauthorized Data Modification

A vulnerability exists in the Ultimate Addons for Elementor (formerly Elementor Header & Footer Builder) WordPress plugin, in all versions through 2.4.6. The issue arises from a lack of proper capability checks in the 'save_hfe_compatibility_option_callback' function, which allows authenticated attackers with Subscriber-level access or higher to unauthorizedly modify the compatibility option setting.

Impact

Exploitation of this vulnerability allows for unauthorized modification of plugin settings, specifically the compatibility option, which could lead to improper functionality or behavior of the plugin.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access can send a request to the 'wp_ajax_save_theme_compatibility_option' action without the necessary capability to manage options. The request can include the 'hfe_compatibility_option' data, which will be processed by the vulnerable callback function, resulting in an unauthorized update of the compatibility option.

Remediation

Users are advised to update the Ultimate Addons for Elementor plugin to version 2.4.7 or later, where this vulnerability has been patched.