What is CVE-2026-23693?

CVE-2026-23693 is a critical-severity vulnerability in Roxnor Elementskit Elementor Addons – Advanced Widgets & Templates For, classified under Missing Authentication for Critical Function. CVSS score: 10.0/10. Published 2026-02-23.

How severe is CVE-2026-23693?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Auth bypass in Roxnor Elementskit Elementor Addons – Advanced Widgets & Templates For

CVE-2026-23693

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication…

Vulnerability class: Broken Authentication

EPSS: 0.002 (41.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H.

Affected products

Roxnor Elementskit Elementor Addons – Advanced Widgets & Templates For — versions 0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

wordpress.org/plugins/elementskit-lite/ (product, patch)
wpmet.com/plugin/elementskit/ (product)
www.vulncheck.com/advisories/elementskit-lite-unauthenticated-mailchimp-rest-en… (third-party-advisory)

Frequently asked questions

What is CVE-2026-23693?: CVE-2026-23693 is a critical-severity vulnerability in Roxnor Elementskit Elementor Addons – Advanced Widgets & Templates For, classified under Missing Authentication for Critical Function. CVSS score: 10.0/10. Published 2026-02-23.
How severe is CVE-2026-23693?: Critical severity. CVSS v3 base score is 10.0 out of 10.