Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! 2.1.2

  • Severity: medium-risk
  • Status: Fixed
  • Publication: April 22, 2024

The Elespare plugin for WordPress allows you to easily create blog, news, and magazine websites using pre-designed templates. However, it has a security vulnerability that allows unauthorized users to create posts without proper permission checks. This means that someone with at least subscriber-level access can create any type of post they want.

Detected in:

EleSpare – Elementor Addons for News, Magazine & Blog Sites | 500+ Drag & Drop Templates, Header & Footer Builder, Post Grids, Sliders, Carousels, Lists, Tiles & More fixed vulnerable versions:
Elespare – News, Magazine and Blog Elements & Blog Addons for Elementor with Header Footer Builder. One Click Import: No Coding Required! fixed vulnerable versions: >= * <= 2.1.2
EleSpare — News, Magazine and Blog Addons for Elementor fixed vulnerable versions:
Elespare: Complete Elementor Blog Addons – Post Grids, Sliders, Templates, Header/Footer Builder & Starter Site Imports fixed vulnerable versions:
EleSpare: Dynamic Elementor Addons for News, Blogs & Magazines – 35+ Post Grids, Sliders, Carousels, Lists & Tiles, 350+ Templates, Header/Footer Builder & Fast Import fixed vulnerable versions:
Elespare: Ultimate Blog Addons for Elementor fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.