PT-2024-11041 · WordPress · Premium Addons For Elementor

Wpscanteam

·

Published

2024-10-15

·

Updated

2024-10-19

·

CVE-2021-4445

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Premium Addons for Elementor, versions up to and including 4.5.1

Premium Addons for Elementor versions prior to 2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c

Description

The pa_dismiss_admin_notice AJAX action performs neither a capability check nor a nonce check. Any authenticated user, from the subscriber role upwards, can therefore call it through admin-ajax.php and have the plugin set an arbitrary WordPress option to the value 1. The written value is fixed, so the attacker cannot store arbitrary data, but the option name is under their control, which is enough to flip any boolean-style setting on the site. The missing nonce also makes the same write reachable via CSRF against a logged-in user, which is reflected in the UI:R component of the vector. The issue is rated Medium (CVSS 3.1 score 6.5) and affects every release up to and including 4.5.1.

Recommendations

Update Premium Addons for Elementor to the latest version; all releases up to and including 4.5.1 are affected. If the update cannot be applied immediately, restrict or disable the pa_dismiss_admin_notice AJAX action as a temporary measure, for example with a must-use plugin that rejects requests from users who lack the manage_options capability before the plugin's own handler runs, and remove that guard once the plugin has been updated.
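The PHP below is an added illustration and is not code from the Premium Addons for Elementor plugin or from WPScan. It shows the bug class named in the Description (an admin-ajax handler that updates an option with no nonce and no capability check) next to a hardened handler, and the kind of must-use plugin guard the Recommendations refer to. The POST field name notice, the allow-list of notice names, the nonce action string and every pa_example_ function name are assumptions made for this example; the only name taken from the advisory is the hook pa_dismiss_admin_notice.

```php
<?php
/**
 * Illustrative code only; not the plugin's source.
 * Assumptions: the request carries the notice to dismiss in POST field `notice`;
 * the allow-list of notice names and the nonce action string are made up.
 */

// --- Vulnerable pattern (reconstruction of the bug class, for illustration) ---
// Every logged-in user can reach wp_ajax_* handlers. With no nonce and no
// capability check, a subscriber can set ANY option named in `notice` to 1.
function pa_example_dismiss_admin_notice_vulnerable() {
    $option = isset( $_POST['notice'] ) ? sanitize_text_field( wp_unslash( $_POST['notice'] ) ) : '';
    update_option( $option, 1 );   // attacker-chosen option name, value fixed to 1
    wp_die();
}
// add_action( 'wp_ajax_pa_dismiss_admin_notice', 'pa_example_dismiss_admin_notice_vulnerable' );

// --- Hardened handler ---------------------------------------------------------
// 1. nonce: the request must originate from a page WordPress rendered (anti-CSRF);
// 2. capability: only users who may manage the plugin can dismiss its notices;
// 3. allow-list: the client picks a notice key, never an option name.
function pa_example_dismiss_admin_notice_fixed() {
    check_ajax_referer( 'pa_example_dismiss_notice', 'nonce' );   // dies with -1 on failure

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $allowed = array(
        'review'  => 'pa_example_review_notice_dismissed',
        'welcome' => 'pa_example_welcome_notice_dismissed',
    );
    $notice = isset( $_POST['notice'] ) ? sanitize_key( wp_unslash( $_POST['notice'] ) ) : '';
    if ( ! isset( $allowed[ $notice ] ) ) {
        wp_send_json_error( array( 'message' => 'unknown notice' ), 400 );
    }

    update_option( $allowed[ $notice ], 1 );
    wp_send_json_success();
}
add_action( 'wp_ajax_pa_dismiss_admin_notice', 'pa_example_dismiss_admin_notice_fixed' );

// The nonce the dismiss button's JavaScript must send back as the `nonce` field.
function pa_example_render_notice() {
    $nonce = wp_create_nonce( 'pa_example_dismiss_notice' );
    printf(
        '<div class="notice is-dismissible" data-pa-notice="review" data-pa-nonce="%s"></div>',
        esc_attr( $nonce )
    );
}
add_action( 'admin_notices', 'pa_example_render_notice' );

// --- Temporary guard (on a real site this part alone goes in wp-content/mu-plugins/) ---
// Registered at priority 0 on the same hook, so it runs before the plugin's own
// callback and ends the request for anyone below manage_options. It does not add
// the nonce check, so it is a stop-gap until the plugin is updated, not a fix.
add_action( 'wp_ajax_pa_dismiss_admin_notice', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // wp_send_json_error() calls wp_die()
    }
}, 0 );
```

The hardened handler keeps the option names server-side: the client only supplies a key into the allow-list, so even a future check that is accidentally weakened cannot be turned back into an arbitrary-option write. The guard works because WordPress runs callbacks on a hook in priority order and wp_send_json_error() terminates the request, so the plugin's vulnerable callback at the default priority never executes for low-privileged users.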

Weakness Enumeration

Missing Authorization (CWE-862)

Related Identifiers

CVE-2021-4445

Affected Products

Premium Addons For Elementor