CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32515 – WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32515
Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8. Vulnerabilidad de autorización faltante en Qamar Sheeraz, Nasir Ahmad Mega Addons para Elementor. Este problema afecta a Mega Addons para Elementor: desde n/a hasta 1.8. The Mega Addons For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/ultimate-addons-for-elementor/wordpress-mega-addons-for-elementor-plugin-1-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50890 – WordPress Ultimate Addons for Elementor plugin <= 1.36.20 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-50890
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20. Una vulnerabilidad de gestión de privilegios incorrecta en Brainstorm Force Ultimate Addons para Elementor permite la escalada de privilegios. Este problema afecta a Ultimate Addons para Elementor: desde n/a hasta 1.36.20. The Ultimate Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.36.20. This makes it possible for authenticated attackers, with contributor-level access and above, to register as an administrator on vulnerable sites. • https://patchstack.com/database/vulnerability/ultimate-elementor/wordpress-ultimate-addons-for-elementor-plugin-1-36-20-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •