CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-56028

CVSS 9.8v3.1pub. 2026-06-26upd. 2026-06-29

Unauthenticated Privilege Escalation in Easy Elements for Elementor &#8211; Addons &amp; Website Templates <= 1.4.9 versions.

🤖 AI Analysis
How it works

The vulnerability results from improper permission management (CWE-266) in the plugin code. An attacker without any account in the WordPress system can send an appropriately crafted network request and obtain a higher level of access than they are entitled to. The lack of identity verification mechanisms and access control allows privilege escalation from the network level without any authorization.

Impact

Attackers can gain elevated privileges in the WordPress system, which may consequently lead to complete takeover of the website, content modification, data theft, or installation of malicious software.

Mitigation & patch

The Easy Elements for Elementor plugin should be updated immediately to a version higher than 1.4.9. Details regarding the patch are available in the Patchstack database and in the WordPress plugin repository.

Who is affected

Easy Elements for Elementor – Addons & Website Templates plugin in versions up to and including 1.4.9.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References