WordPress ElementsKit Lite <=3.9.6 Broken Access Control Advisory

Vulnerability Overview Vulnerability Name: Broken Access Control Vulnerability in WordPress ElementsKit Elementor addons Lite Plugin <= 3.9.6 Vulnerability Type: Broken Access Control Priority: Low Priority CVSS Score: 4.3 Scope of Impact Affected Versions: <= 3.9.6 Software Type: WordPress Plugin Vulnerability Description: Lack of authorization, authentication, or nonce token checks may allow unauthorized users to perform higher-privileged actions. Remediation Current Status: No official patch available Recommended Measures: Immediately update the affected plugin. If an update is not possible, contact your hosting provider or website developer for assistance. Additional Information Reporter: Bonds Report Date: January 18, 2026 Early Warning Sent Date: May 27, 2026 Public Release Date: May 27, 2026 Risk Explanation Risk Level: Low Risk Risk Description: Such vulnerabilities are often used in large-scale attack campaigns, where attackers exploit them to target hundreds of thousands of websites, regardless of traffic volume or popularity. Solution Solution: This security issue has limited impact and is unlikely to be exploited. Detailed Information Software Name: ElementsKit Elementor addons Lite Type: Plugin Affected Versions: <= 3.9.6 Vulnerability Type: Broken Access Control Timeline Report Date: January 18, 2026 Early Warning Sent Date: May 27, 2026 Public Release Date: May 27, 2026 Frequently Asked Questions How to provide the fastest protection? How does Patchstack mitigate vulnerabilities? Why would hackers target my website? What if my website has already been compromised? Subscription Subscription Content: Weekly WordPress Security Intelligence How to Subscribe: Enter your email address and click the subscribe button. Footer Information Links: Pricing, Case Studies, Login, Start Free Trial Copyright: © 2026 Patchstack Other Links: DPA, Privacy Policy, Accessibility, Terms and Conditions Code Snippets POC Code: No POC code or exploit code is included in this page. Summary This page provides a detailed overview of the Broken Access Control vulnerability in WordPress ElementsKit Elementor addons Lite Plugin <= 3.9.6, including vulnerability overview, scope of impact, remediation, risk explanation, solution, detailed information, timeline, FAQs, subscription information, and footer information. Users are advised to immediately update the affected plugin to mitigate potential risks.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress ElementsKit Lite <=3.9.6 Broken Access Control Advisory

More from this source