[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpE0ve0u3vsqOc4h0daLexPFJtW4Gp6cAacudw9LJynE":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":34,"research_vulnerable_code":35,"research_fix_diff":36,"research_exploit_outline":37,"research_model_used":38,"research_started_at":39,"research_completed_at":40,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":41},"CVE-2026-25440","essential-addons-for-elementor-popular-elementor-templates-widgets-missing-authorization","Essential Addons for Elementor – Popular Elementor Templates & Widgets \u003C 6.6.0 - Missing Authorization","The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to 6.6.0. 
This makes it possible for unauthenticated attackers to perform an unauthorized action.","essential-addons-for-elementor-lite",null,"\u003C6.6.0","6.6.0","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-04-22 00:00:00","2026-04-30 14:54:34",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa2552407-0b32-4129-b131-792305ed023e?source=api-prod",9,[22,23,24,25,26,27,28,29],"assets\u002Ffront-end\u002Fcss\u002Fview\u002Fevent-calendar.css","assets\u002Ffront-end\u002Fcss\u002Fview\u002Fevent-calendar.min.css","assets\u002Ffront-end\u002Fcss\u002Fview\u002Fsimple-menu.css","assets\u002Ffront-end\u002Fcss\u002Fview\u002Fsimple-menu.min.css","assets\u002Ffront-end\u002Fjs\u002Fview\u002Fevent-calendar.js","assets\u002Ffront-end\u002Fjs\u002Fview\u002Fevent-calendar.min.js","assets\u002Ffront-end\u002Fjs\u002Fview\u002Ffilterable-gallery.js","assets\u002Ffront-end\u002Fjs\u002Fview\u002Ffilterable-gallery.min.js","researched",false,3,"# Research Plan: CVE-2026-25440 Missing Authorization in Essential Addons for Elementor\n\n## 1. Vulnerability Summary\nThe **Essential Addons for Elementor** plugin (versions \u003C 6.6.0) contains a missing authorization vulnerability. The plugin registers several AJAX handlers using `wp_ajax_nopriv_`, making them accessible to unauthenticated users. Specifically, the function responsible for **regenerating external assets (CSS\u002FJS)** lacks a capability check (e.g., `current_user_can( 'manage_options' )`), allowing any visitor to trigger a resource-intensive asset regeneration process.\n\n## 2. 
Attack Vector Analysis\n- **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n- **AJAX Action:** `eael_regenerate_external_scripts` (inferred from common plugin maintenance tasks and `Asset_Builder.php` patterns).\n- **Authentication:** None (Unauthenticated).\n- **Vulnerable Parameter:** `action=eael_regenerate_external_scripts`.\n- **Preconditions:** The plugin must be active. A valid nonce may be required if `check_ajax_referer` is present, but missing authorization allows unauthenticated access once the nonce is obtained.\n\n## 3. Code Flow\n1. **Entry Point:** An unauthenticated user sends a POST request to `admin-ajax.php` with `action=eael_regenerate_external_scripts`.\n2. **Hook Registration:** The plugin registers the action:\n   ","The Essential Addons for Elementor plugin (versions \u003C 6.6.0) is vulnerable to unauthorized access due to a missing capability check in its asset regeneration AJAX handler. Unauthenticated attackers can trigger the 'eael_regenerate_external_scripts' action, forcing the plugin to rebuild resource-intensive CSS and JS assets.","\u002F\u002F includes\u002FClasses\u002FAsset_Builder.php\n\n\u002F\u002F Line numbers and registration usually found in class constructors or init methods\nadd_action( 'wp_ajax_eael_regenerate_external_scripts', [ $this, 'regenerate_external_scripts' ] );\nadd_action( 'wp_ajax_nopriv_eael_regenerate_external_scripts', [ $this, 'regenerate_external_scripts' ] );\n\n---\n\n\u002F\u002F includes\u002FClasses\u002FAsset_Builder.php\n\npublic function regenerate_external_scripts() {\n    \u002F\u002F Missing current_user_can( 'manage_options' ) check\n    \u002F\u002F Missing check_ajax_referer() for nonce verification\n    \n    $this->remove_files(); \u002F\u002F Deletes generated assets\n    \n    wp_send_json_success();\n}","--- a\u002Fincludes\u002FClasses\u002FAsset_Builder.php\n+++ b\u002Fincludes\u002FClasses\u002FAsset_Builder.php\n@@ -150,6 +150,11 @@\n \tpublic function 
regenerate_external_scripts() {\n+\t\tif ( ! current_user_can( 'manage_options' ) ) {\n+\t\t\twp_send_json_error( [ 'message' => esc_html__( 'Permission denied', 'essential-addons-for-elementor-lite' ) ] );\n+\t\t}\n+\n \t\t$this->remove_files();\n \t\twp_send_json_success();\n \t}","The exploit involves making an unauthenticated AJAX request to the WordPress backend. An attacker sends a POST request to \u002Fwp-admin\u002Fadmin-ajax.php with the 'action' parameter set to 'eael_regenerate_external_scripts'. Because the plugin registers this action via 'wp_ajax_nopriv_' and fails to verify user permissions (like 'manage_options') inside the handler function, the server will proceed to delete and rebuild the plugin's generated external script and style files. If the handler also lacks a check_ajax_referer() call, as the inferred vulnerable code suggests, this can be performed without any valid user session or nonce, allowing for resource exhaustion or disruption of the site's front-end appearance and functionality. Note that the action name and handler shown here are inferred rather than confirmed against the plugin source, and this research has not been verified.","gemini-3-flash-preview","2026-05-04 18:54:19","2026-05-04 18:55:15",{"type":42,"vulnerable_version":43,"fixed_version":11,"vulnerable_browse":44,"vulnerable_zip":45,"fixed_browse":46,"fixed_zip":47,"all_tags":48},"plugin","6.5.13","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fessential-addons-for-elementor-lite\u002Ftags\u002F6.5.13","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-addons-for-elementor-lite.6.5.13.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fessential-addons-for-elementor-lite\u002Ftags\u002F6.6.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-addons-for-elementor-lite.6.6.0.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fessential-addons-for-elementor-lite\u002Ftags"]