The Plus Addons for Elementor Unauthenticated Email Relay Vulnerability

Vulnerability

A vulnerability exists in The Plus Addons for Elementor WordPress plugin, specifically in versions through 6.4.7. The issue arises from the plugin's AJAX handler, which decrypts and trusts email routing data controlled by attackers, without proper authentication. This flaw allows unauthenticated attackers to manipulate email redirection and routing, potentially leading to unauthorized email being sent or redirected.

Impact

Exploitation of this vulnerability could result in unauthorized email relay and redirection, allowing attackers to control where emails are sent or how they are received.

Remediation

Users are advised to update the plugin to version 6.4.8 or a newer patched version.

Added: Feb 22, 2026, 9:23 AM
Updated: Feb 22, 2026, 9:23 AM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
0.8
exploitability
8.2
remediation
7.7
relevance
2.0
threat
3.2
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.