CVE Catalog

CVE-2026-25440

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile — higher than 12% of all known CVEs

Summary

Unauthenticated Broken Access Control exists in Essential Addons for Elementor versions below 6.6.0.

Risk Assessment

The organization may be exposed to unauthorized access to resources, potentially leading to data leaks or unauthorized modifications.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS