PT-2025-39485 · WordPress · Shopengine Elementor Woocommerce Builder Addon

Published

2025-09-26

Updated

2025-09-26

CVE-2025-10173

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution versions prior to 4.8.4

Description The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is susceptible to unauthorized access. This is due to a flawed capability check within the post save() function. Authenticated attackers possessing Editor-level access or higher can modify the plugin’s settings.

Recommendations Update to version 4.8.4 or later.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-10173

Affected Products

Shopengine Elementor Woocommerce Builder Addon

PT-2025-39485 · WordPress · Shopengine Elementor Woocommerce Builder Addon

CVE-2025-10173

Weakness Enumeration

Related Identifiers

Affected Products

References · 6