Elementor Ally: Unauthorized Access to Configuration

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Elementor Ally: Unauthorized Access to Configuration

CVE-2026-25386

Summary

An issue in Elementor Ally's configuration settings allows unauthorized access to certain features. This affects Elementor Ally versions 4.0.2 and earlier. To fix this, update to the latest version of Elementor Ally to ensure proper access controls are in place.

Original title

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.

Original description

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.

nvd CVSS3.1 5.3

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/pojo-accessibility/vulnerabilit...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026