Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

CVE-2021-4448

Description

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.

Affected products

Sayenthemes/Kaswara Modern Vc Addonsv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477mitre
www.wordfence.com/threat-intel/vulnerabilities/id/3bf76527-9a11-4755-992c-02fbc1a79baemitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.039
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000