Home

Description

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates certain parameters, including the list parameter, when constructing upstream Mailchimp API requests. An unauthenticated attacker can abuse the endpoint as an open proxy to Mailchimp, potentially triggering unauthorized API calls, manipulating subscription data, exhausting API quotas, or causing resource consumption on the affected WordPress site.

PUBLISHED Reserved 2026-01-14 | Published 2026-02-23 | Updated 2026-02-24 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

Any version before 3.7.9
affected

Credits

Rahul Karne finder

VulnCheck coordinator

References

wordpress.org/plugins/elementskit-lite/ product patch

wpmet.com/plugin/elementskit/ product

www.vulncheck.com/...unauthenticated-mailchimp-rest-endpoint third-party-advisory

cve.org (CVE-2026-23693)

nvd.nist.gov (CVE-2026-23693)

Download JSON