CVE-2026-32445 — Missing Authorization in Website Builder

CWE-862 — Missing Authorization3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.0%

top 89.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elementor Website Builder

Timeline

PublishedMar 13

Description

Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5elementor/elementor_website_builder3.35.5

🔴Vulnerability Details

GHSA

GHSA-fcmh-8r9j-5762: Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security↗2026-03-13

▶

CVEList

WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability↗2026-03-13

▶