CVE-2025-64352
WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerabilityMissing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.
We have discovered 90,985 live websites that are affected by CVE-2025-64352.
Affected Software
| Product |  Essential Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 90,985 live websites (30% of Essential Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 136 versions ( 86% of all versions) |
Details
- Published - Oct 31, 2025
- Updated - Apr 1, 2026
Credits
- Peter Thaleikis | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-64352 United States | 22,392 websites |
 Germany | 7,716 websites |
 Brazil | 5,425 websites |
 France | 5,084 websites |
 GB | 3,660 websites |
 India | 3,490 websites |
 Italy | 3,401 websites |
 Spain | 3,244 websites |
 Russia | 3,149 websites |
 Poland | 2,544 websites |
Website Distribution by TLD
Number of websites using CVE-2025-64352| .com | 35,880 websites |
| .com.br | 4,962 websites |
| .org | 4,113 websites |
| .de | 3,860 websites |
| .ru | 2,740 websites |
| .it | 2,450 websites |
| .fr | 2,126 websites |
| .co.uk | 1,942 websites |
| .pl | 1,895 websites |
| .net | 1,611 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-64352
Top websites that are affected by CVE-2025-64352. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | *,*** | |
| *******.co |  Serbia | **,*** | |
| ******.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| *******************.nl |  Netherlands | **,*** | |
| *******.com | United States | **,*** | |
| ***************.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| ******.com | Germany | **,*** | |
| ************.com | United States | **,*** |
FAQ
A total of 90,985 websites have been identified as vulnerable to CVE-2025-64352, based on global website indexing conducted by WebTechSurvey.
The Essential Addons for Elementor is affected by the CVE-2025-64352 vulnerability.
Essential Addons for Elementor versions up to and including 6.2.4 are vulnerable to CVE-2025-64352.