CVE-2026-42629 Powerpackelements CVE debrief

Who should care

Administrators and security teams responsible for WordPress installations with the PowerPack Pro for Elementor plugin, especially those using versions prior to v2.13.0, should be aware of this vulnerability. Given the HIGH severity and potential for unauthorized access, swift assessment and remediation are crucial.

Technical summary

CVE-2026-42629 is associated with a broken authentication vulnerability in PowerPack Pro for Elementor versions before v2.13.0. The vulnerability is characterized by its ability to allow unauthenticated access, posing significant risks to the integrity and confidentiality of affected systems. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high level of exploitability and potential impact.

Defensive priority

HIGH

Recommended defensive actions

• Update PowerPack Pro for Elementor to version v2.13.0 or later.
• Review and restrict access to sensitive areas of the affected systems.
• Implement additional monitoring for suspicious activity related to authentication attempts.
• Consider applying patches or updates as soon as possible.
• Conduct regular security audits to identify and address vulnerabilities.
• Enhance authentication mechanisms for WordPress installations.
• Consult official documentation and vendor advisories for further guidance.

Evidence notes

The information provided is based on data from official sources, including CVE.org and the National Vulnerability Database (NVD). The CVE record and NVD details were accessed on June 17, 2026. Additional information was obtained from Patchstack, highlighting the vulnerability in PowerPack Pro for Elementor versions prior to v2.13.0.

Official resources