PT-2026-31563 · WordPress+1 · Vertex Addons For Elementor+1

Athiwat Tiprasaharn

Published

2026-04-09

Updated

2026-04-18

CVE-2026-4326

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Vertex Addons for Elementor plugin for WordPress versions up to and including 1.6.4

Description The Vertex Addons for Elementor plugin for WordPress is susceptible to a missing authorization issue. This is caused by insufficient authorization checks within the activate required plugins() function. The current user can('install plugins') capability check does not halt execution upon failure, instead only setting an error message while allowing plugin installation and activation to proceed. This allows authenticated attackers with Subscriber-level access or higher to install and activate arbitrary plugins.

Recommendations Update Vertex Addons for Elementor plugin to a version greater than 1.6.4.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-4326

Affected Products

Elementor

Vertex Addons For Elementor

PT-2026-31563 · WordPress+1 · Vertex Addons For Elementor+1

CVE-2026-4326

Weakness Enumeration

Related Identifiers

Affected Products

References · 17