CVE-2025-55712: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-55712) was discovered in POSIMYTH's The Plus Addons for Elementor Page Builder Lite plugin affecting versions through 6.3.13. The vulnerability was reported by Peter Thaleikis on August 3, 2025, and publicly disclosed on August 14, 2025. This security issue involves incorrectly configured access control security levels in the plugin (Patchstack).

The vulnerability is classified as a broken access control issue (CWE-862) with a CVSS v3.1 base score of 6.5 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is unchanged (S:U) with no impact on confidentiality (C:N), high impact on integrity (I:H), and no impact on availability (A:N) (AttackerKB).

The vulnerability could allow an unprivileged user to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. While the specific impact varies case by case, the CVSS scoring indicates a high impact on system integrity (Patchstack).

Users are advised to update to version 6.3.14 or later to remediate this vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins (Patchstack).