Report
The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme.
Score:4.3
Severity:Medium
Version: 1.0.14
There is a patch available in v1.0.15 and we strongly recommend you update to this version as soon as possible.
