Title: vulnerability Last modified: May 28, 2026 --- # vulnerability * Resolved [developeresfera](https://wordpress.org/support/users/developeresfera/) * (@developeresfera) * [1 week, 4 days ago](https://wordpress.org/support/topic/vulnerability-173/) * Hi Team, I got email from WP Engine Website related to plugin have vulnerability in current email. I will attache the screen shot of the email here also.At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified resources that may be utilizing a vulnerable version of the elementskit-lite plugin.The site oyjourney2 on is running version 3.9.6.WP Engine summary of the vulnerability: This vulnerability allows any unauthenticated user to perform actions that only an administrator should be allowed to do.This vulnerability’s information has been verified by Patchstack. Please note that questions related to this notification should be directed to Patchstack, the plugin author or the 3rd-party researcher for the most accurate information.Resources providing further information on this vulnerability:[https://patchstack.com/database/vulnerability/elementskit-lite/wordpress-elementskit-elementor-addons-lite-plugin-3-9-6-broken-access-control-vulnerability-2?_a_id=473](https://patchstack.com/database/vulnerability/elementskit-lite/wordpress-elementskit-elementor-addons-lite-plugin-3-9-6-broken-access-control-vulnerability-2?_a_id=473) [https://patchstack.com/database/vulnerability/elementskit-lite/wordpress-elementskit-elementor-addons-lite-plugin-3-9-6-broken-access-control-vulnerability?_a_id=473](https://patchstack.com/database/vulnerability/elementskit-lite/wordpress-elementskit-elementor-addons-lite-plugin-3-9-6-broken-access-control-vulnerability?_a_id=473) There does not appear to be a fix for this update at this moment and we recommend updating when one becomes available.We always suggest making a backup before making any changes. You can learn how to do this in this article: [https://wpengine.com/support/restore/](https://wpengine.com/support/restore/). Would you like to avoid doing these updates manually in the future? Add the Smart Plugin Manager: [https://my.wpengine.com/products/smart_plugin_manager](https://my.wpengine.com/products/smart_plugin_manager) to your plan today!Finally, feel free to reach out to our Support team if you need assistance with backing up or updating your website!Thanks,-WP Engine Security TeamThank you * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fvulnerability-173%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 15 replies - 1 through 15 (of 18 total) 1 [2](https://wordpress.org/support/topic/vulnerability-173/page/2/?output_format=md) [→](https://wordpress.org/support/topic/vulnerability-173/page/2/?output_format=md) * [8persap](https://wordpress.org/support/users/8persap/) * (@8persap) * [1 week, 3 days ago](https://wordpress.org/support/topic/vulnerability-173/#post-18922895) * I’m getting this same issue flagged – [https://patchstack.com/database/wordpress/plugin/elementskit-lite/vulnerability/wordpress-elementskit-elementor-addons-lite-plugin-3-9-6-broken-access-control-vulnerability-2](https://patchstack.com/database/wordpress/plugin/elementskit-lite/vulnerability/wordpress-elementskit-elementor-addons-lite-plugin-3-9-6-broken-access-control-vulnerability-2) Please can you fix? It’s making us look bad.Thanks. * [chrishaff](https://wordpress.org/support/users/chrishaff/) * (@chrishaff) * [6 days, 20 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18925536) * Same regarding WPEninge. WPMU’s Defender Pro also flags this. It still shows this issue today, four days later. I’m going to disable this plugin and see what breaks. * Plugin Support [Ahmed Amir Hossain](https://wordpress.org/support/users/ahmedamir/) * (@ahmedamir) * [6 days, 10 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18925801) * Hi All, * Thank you for reaching out to us, and we sincerely apologize for the delayed response. * We are currently investigating the issue and working to identify the root cause. We will keep you informed and provide an update as soon as we have a resolution or any significant progress to share. * We appreciate your patience and understanding during this process. Please stay tuned for further updates. * Regards, Amir * Thread Starter [developeresfera](https://wordpress.org/support/users/developeresfera/) * (@developeresfera) * [6 days, 9 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18925848) * Hi [@ahmedamir](https://wordpress.org/support/users/ahmedamir/), Please do it asap. It’s more then 4 days my website is vulnerable.Thank You * [Foster WebWorks](https://wordpress.org/support/users/therealfoz/) * (@therealfoz) * [6 days, 3 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18926335) * Following * [Guillermo Figueredo](https://wordpress.org/support/users/cleftune/) * (@cleftune) * [6 days, 2 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18926449) * Commenting this to receive updates about this thread. Thank you * [bluesix](https://wordpress.org/support/users/bluesix/) * (@bluesix) * [5 days, 18 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18926902) * no need to comment to follow – click “subscribe” in the sidebar (or scroll down on mobile) * [8persap](https://wordpress.org/support/users/8persap/) * (@8persap) * [5 days, 8 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18927150) * Please can we have an update for this? It’s been days. My clients are getting emailed ‘Vulnerability Severity: 5.3/10.0 (Medium)‘ from Wordfence and asking why it’s not being dealt with. Thanks. * [Martijn](https://wordpress.org/support/users/zignnl/) * (@zignnl) * [5 days, 7 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18927208) * Could you please provide an update on when you expect the patched version to be released? * [seaghanmoriarty](https://wordpress.org/support/users/seaghanmoriarty/) * (@seaghanmoriarty) * [5 days, 5 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18927336) * Thanks Amir for your anticipated prompt fixing of this vulnerability ([https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/elementskit-lite/elementskit-elementor-addons-advanced-widgets-templates-addons-for-elementor-396-missing-authorization](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/elementskit-lite/elementskit-elementor-addons-advanced-widgets-templates-addons-for-elementor-396-missing-authorization))[ <= 3.9.6 – Missing Authorization] * Plugin Support [Ahmed Amir Hossain](https://wordpress.org/support/users/ahmedamir/) * (@ahmedamir) * [5 days, 3 hours ago](https://wordpress.org/support/topic/vulnerability-173/#post-18927490) * Hi All, * Hope you are doing well. Our development team is currently working on resolving the issue. We will keep you updated on the progress and notify you as soon as we have any news to share. * We appreciate your patience and understanding. Please stay tuned until then. * Regards, Amir * Thread Starter [developeresfera](https://wordpress.org/support/users/developeresfera/) * (@developeresfera) * [5 days, 2 hours ago](https://wordpress.org/support/topic/vulnerability-173/page/2/#post-18927505) * [@ahmedamir](https://wordpress.org/support/users/ahmedamir/) Thanks for the update. Please update me asap. * [mgearh](https://wordpress.org/support/users/mgearh/) * (@mgearh) * [5 days, 1 hour ago](https://wordpress.org/support/topic/vulnerability-173/page/2/#post-18927614) * Commenting to receive updates. I hope you can resolve soon before I have to use Claude to find it! 🙂 * Plugin Support [Ahmed Amir Hossain](https://wordpress.org/support/users/ahmedamir/) * (@ahmedamir) * [4 days, 8 hours ago](https://wordpress.org/support/topic/vulnerability-173/page/2/#post-18928229) * Hi All, * Hope you are doing well. We would like to inform you that the reported vulnerability has been resolved in the latest plugin version (**3.9.7**). Please update the plugin to version 3.9.7 and verify the fix on your end. * If you have any questions or need further assistance, please feel free to let us know. * Regards, Amir * Plugin Support [Ahmed Amir Hossain](https://wordpress.org/support/users/ahmedamir/) * (@ahmedamir) * [4 days, 4 hours ago](https://wordpress.org/support/topic/vulnerability-173/page/2/#post-18928461) * Hi there, * Hope you are doing well. We would like to inform you that the reported vulnerability has been resolved in the latest plugin version (**3.9.7**). Please update the plugin to version 3.9.7 and verify the fix on your end. * If you have any questions or need further assistance, please feel free to let us know. * Regards, Amir Viewing 15 replies - 1 through 15 (of 18 total) 1 [2](https://wordpress.org/support/topic/vulnerability-173/page/2/?output_format=md) [→](https://wordpress.org/support/topic/vulnerability-173/page/2/?output_format=md) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fvulnerability-173%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/elementskit-lite/assets/icon-256x256.gif?rev=2518175) * [ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor](https://wordpress.org/plugins/elementskit-lite/) * [Frequently Asked Questions](https://wordpress.org/plugins/elementskit-lite/#faq) * [Support Threads](https://wordpress.org/support/plugin/elementskit-lite/) * [Active Topics](https://wordpress.org/support/plugin/elementskit-lite/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/elementskit-lite/unresolved/) * [Reviews](https://wordpress.org/support/plugin/elementskit-lite/reviews/) ## Tags * [errors](https://wordpress.org/support/topic-tag/errors/) * 26 replies * 11 participants * Last reply from: [developeresfera](https://wordpress.org/support/users/developeresfera/) * Last activity: [2 hours, 42 minutes ago](https://wordpress.org/support/topic/vulnerability-173/page/2/#post-18932142) * Status: resolved