CVE-2026-45443 PUBLISHED

WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability

Assigner: Patchstack
Reserved: 12.05.2026 Published: 20.05.2026 Updated: 20.05.2026

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
CVSS Score: 5

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	ADD-ONS.ORG
Product	PDF for Elementor Forms + Drag And Drop Template Builder
Versions	Default: unaffected affected from n/a to 5.5.1 (incl.)

Solutions

Update the WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin to the latest available version (at least 5.6.1).

Credits

Nguyen Tran Tuan Dung (domiee13) | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/wordpress/plugin/pdf-for-elementor-forms/vulnerability/wordpress-pdf-for-elementor-forms-drag-and-drop-template-builder-plugin-5-5-1-broken-access-control-vulnerability?_s_id=cve

Problem Types

CWE-862 Missing Authorization CWE

Impacts

CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels