PT-2025-31735 · WordPress · Ultimate Addons For Elementor
Peter Thaleikis
·
Published
2025-08-02
·
Updated
2025-08-03
·
CVE-2025-8488
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Ultimate Addons for Elementor versions up to and including 2.4.6
Description
The Ultimate Addons for Elementor plugin for WordPress contains a flaw that allows unauthorized data modification. A missing capability check within the
save hfe compatibility option callback() function permits authenticated attackers with Subscriber-level access or higher to modify the compatibility option setting.Recommendations
Update Ultimate Addons for Elementor to a version later than 2.4.6.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ultimate Addons For Elementor