Name of the Vulnerable Software and Affected Versions:

Ultimate Addons for Elementor versions up to and including 2.4.6

Description:

The Ultimate Addons for Elementor plugin for WordPress contains a flaw that allows unauthorized data modification. A missing capability check within the `save hfe compatibility option callback()` function permits authenticated attackers with Subscriber-level access or higher to modify the compatibility option setting.

Recommendations:

Update Ultimate Addons for Elementor to a version later than 2.4.6.