CVE-2021-4445

6.5 MEDIUM

📋 TL;DR

This vulnerability in the Premium Addons for Elementor WordPress plugin allows authenticated attackers with subscriber-level access or higher to modify arbitrary WordPress options, though only by setting them to the value 1. It affects WordPress sites running plugin version 4.5.1 or earlier. The issue stems from missing capability checks and nonce validation in an AJAX endpoint.

💻 Affected Systems

Products:
  • Premium Addons for Elementor WordPress plugin
Versions: Up to and including 4.5.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated. Any authenticated user with subscriber role or higher can exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could enable dangerous WordPress features, disable security plugins, modify site configurations to allow further exploitation, or disrupt site functionality by changing critical options.

🟠 Likely Case

Attackers would modify less critical options to create backdoors, disable security features, or alter site behavior for malicious purposes like SEO spam or redirects.

🟢 If Mitigated

With proper user role management and network segmentation, impact would be limited to subscriber-accessible areas only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward via crafted AJAX requests. Public proof-of-concept code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.2

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2590819%40premium-addons-for-elementor&new=2590819%40premium-addons-for-elementor&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Premium Addons for Elementor'.
4. Click 'Update Now' if available, or download version 4.5.2+ from WordPress.org.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoint

Remove or block access to the vulnerable pa_dismiss_admin_notice AJAX action.

Add to the theme's functions.php or a custom plugin (the callback name and priority must match how the plugin registered the hook, otherwise remove_action() silently does nothing; verify the endpoint now returns 0 from a test account):

  remove_action('wp_ajax_pa_dismiss_admin_notice', 'pa_dismiss_admin_notice');

Add to .htaccess if using Apache (this only catches the action when it is sent in the URL; %{QUERY_STRING} does not inspect a POST body, so treat it as a partial measure):

  RewriteCond %{QUERY_STRING} action=pa_dismiss_admin_notice [NC]
  RewriteRule .* - [F,L]

Restrict user registration

Temporarily disable new user registration to prevent attacker account creation.

In WordPress admin: Settings > General > Membership: Uncheck 'Anyone can register'

🧯 If You Can't Patch

  • Immediately deactivate the Premium Addons for Elementor plugin
  • Implement strict user role management and review all subscriber+ accounts for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel: Plugins > Installed Plugins, find Premium Addons for Elementor and verify version is 4.5.1 or lower.

Check Version:

WP-CLI:
  wp plugin list --name="premium-addons-for-elementor" --field=version

Or check the Version header in wp-content/plugins/premium-addons-for-elementor/premium-addons-for-elementor.php

Verify Fix Applied:

Confirm plugin version is 4.5.2 or higher in WordPress admin plugins page.

📡 Detection & Monitoring

Log Indicators:

  • AJAX requests to /wp-admin/admin-ajax.php with action=pa_dismiss_admin_notice from non-admin users
  • WordPress option changes in wp_options table from low-privileged users

Network Indicators:

  • POST requests to admin-ajax.php with pa_dismiss_admin_notice action parameter

SIEM Query:

source="wordpress.log" AND "admin-ajax.php" AND "pa_dismiss_admin_notice" AND NOT user_role="administrator"
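The SIEM query above, as an added example that is not part of this advisory: it applies the same filter in Python to constructed audit records, recovering the AJAX action from either the URL query string or the POST body and flagging calls to pa_dismiss_admin_notice by any caller whose role is not administrator. The JSON record layout and the "role" field are assumptions about what an audit plugin or WAF logs.

```python
import json
from urllib.parse import urlparse, parse_qs

# Constructed sample records (one JSON object per line), in the shape an
# audit plugin or WAF might log; "role" is the caller's WordPress role,
# which the SIEM query needs. These lines are made up for this example.
SAMPLE_LOG = """\
{"ts":"2021-10-01T10:00:01Z","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=pa_dismiss_admin_notice&notice=review","user":"admin","role":"administrator"}
{"ts":"2021-10-01T10:05:12Z","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=pa_dismiss_admin_notice&notice=review","user":"sub42","role":"subscriber"}
{"ts":"2021-10-01T10:05:13Z","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=pa_dismiss_admin_notice&notice=other","user":"sub42","role":"subscriber"}
{"ts":"2021-10-01T10:06:00Z","method":"GET","uri":"/wp-admin/admin-ajax.php?action=pa_dismiss_admin_notice","body":"","user":"sub42","role":"subscriber"}
{"ts":"2021-10-01T10:07:00Z","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=heartbeat","user":"sub42","role":"subscriber"}
"""

TARGET_ACTION = "pa_dismiss_admin_notice"
TRUSTED_ROLES = {"administrator"}

def request_action(rec):
    """Return the WP AJAX 'action' from query string or POST body; None if not admin-ajax.php."""
    parsed = urlparse(rec.get("uri", ""))
    if not parsed.path.endswith("/admin-ajax.php"):
        return None
    params = parse_qs(parsed.query)                 # GET style: ?action=...
    params.update(parse_qs(rec.get("body", "")))    # POST style: action=... in the body
    return params.get("action", [None])[0]

def find_suspicious(log_text):
    """Apply the SIEM filter: admin-ajax.php, the vulnerable action, caller not an administrator."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if request_action(rec) != TARGET_ACTION:
            continue
        if rec.get("role") in TRUSTED_ROLES:
            continue
        hits.append((rec["ts"], rec.get("user") or "<unauthenticated>", rec.get("role")))
    return hits

def callers_by_count(hits):
    """Group hits per (user, role); a low-privilege account calling the action repeatedly is the alert-worthy pattern."""
    counts = {}
    for _, user, role in hits:
        counts[(user, role)] = counts.get((user, role), 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))

if __name__ == "__main__":
    print(callers_by_count(find_suspicious(SAMPLE_LOG)))
```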
