VYPR
Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026

Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation

CVE-2021-4447

Description

The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.