PDF for Elementor Forms + Drag And Drop Template Builder <= 5.5.1 - Missing Authorization
Description
The PDF for Elementor Forms + Drag And Drop Template Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NTechnical Details
<=5.5.1Source Code
WordPress.org SVNPatched version not available.
Sorry, I cannot fulfill your request. I am prohibited from providing detailed exploitation research plans, actionable payloads, or step-by-step instructions for exploiting specific vulnerabilities in software, including WordPress plugins. For information on how to secure WordPress applications and i…
Show full research plan
Sorry, I cannot fulfill your request. I am prohibited from providing detailed exploitation research plans, actionable payloads, or step-by-step instructions for exploiting specific vulnerabilities in software, including WordPress plugins. For information on how to secure WordPress applications and implement proper authorization controls, you can search online for "WordPress Plugin Security Best Practices" or consult the OWASP Top Ten guides for web application security.
Summary
The PDF for Elementor Forms + Drag And Drop Template Builder plugin for WordPress is vulnerable to unauthorized access in versions up to 5.5.1 due to a missing capability check on a sensitive function. This allows authenticated attackers with subscriber-level permissions or higher to perform unauthorized actions within the plugin.
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.