Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026
Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation
CVE-2021-4447
Description
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=4.6.4
- wpdevteam/Essential Addons for Elementor – Popular Elementor Templates & Widgetsv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.