cleantalk
Vulnerabilities and Security Researches

Better Elementor Addons, CVE-2023-41656

CVE, Research URL

CVE-2023-41656

Home page URL

Security reports for Better Elementor Addons

Application

Better Elementor Addons

Published on
-
Research Description
The Better Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bea_admin_ajax() function hooked via an AJAX action in versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to save and reset the plugin's settings.
Affected versions
max 1.3.8.
Status
vulnerable
Previous vulnerability researches
Better Elementor Addons (CVE-2023-41656) , Jun 10, 2024
Better Elementor Addons (CVE-2022-4974) , Nov 15, 2024
Better Elementor Addons (CVE-2024-2280) , Jun 07, 2024
Better Elementor Addons (CVE-2024-33541) , Jun 07, 2024
Better Elementor Addons (CVE-2024-34432) , Jun 07, 2024
New vulnerability
WooMS (CVE-2025-57957) , Apr 20, 2026
Simple User Registration (CVE-2026-0844) , Apr 20, 2026
Kubio AI Page Builder (CVE-2026-5427) , Apr 20, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-3330) , Apr 20, 2026
Sell Photo (2ce065d802b631a3fa4492d5366f0ffc4e0ee37b) , Apr 19, 2026