CVE-2026-49053
Description
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in ElementsKit Elementor addons Lite (≤3.9.6) allows unprivileged users to exploit broken access control.
Vulnerability
A missing authorization vulnerability exists in the ElementsKit Elementor addons Lite plugin for WordPress, affecting versions from n/a through 3.9.6. The plugin fails to properly enforce access controls on certain functions, allowing exploitation of incorrectly configured access control security levels [1].
Exploitation
An attacker can exploit this vulnerability without requiring authentication or with minimal privileges, by sending crafted requests to endpoints that lack authorization checks [1]. The exact steps depend on the specific missing check, but the attack can be carried out remotely.
Impact
Successful exploitation allows an unprivileged attacker to perform actions reserved for higher-privileged users, potentially leading to unauthorized data modification, disclosure, or other administrative actions [1]. This can compromise the security of the WordPress site.
Mitigation
The vulnerability affects ElementsKit Elementor addons Lite version 3.9.6 and earlier. As a mitigation, users should update the plugin to the latest available version (beyond 3.9.6) as recommended by the source [1]. No other workaround is provided.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=3.9.6
- Range: <=3.9.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.