CVE-2026-23693

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates certain parameters, including the list parameter, when constructing upstream Mailchimp API requests. An unauthenticated attacker can abuse the endpoint as an open proxy to Mailchimp, potentially triggering unauthorized API calls, manipulating subscription data, exhausting API quotas, or causing resource consumption on the affected WordPress site.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://wordpress.org/plugins/elementskit-lite/
https://wpmet.com/plugin/elementskit/
https://www.vulncheck.com/advisories/elementskit-lite-unauthenticated-mailchimp-rest-endpoint

Configurations

No configuration.

History

24 Feb 2026, 19:21

Type	Values Removed	Values Added
Summary		(es) Las versiones del plugin de WordPress ElementsKit Lite (elementskit-lite) anteriores a la 3.7.9 exponen el endpoint REST /wp-json/elementskit/v1/widget/mailchimp/subscribe sin autenticación. El endpoint acepta credenciales de la API de Mailchimp proporcionadas por el cliente e invalida insuficientemente ciertos parámetros, incluido el parámetro list, al construir solicitudes a la API de Mailchimp ascendentes. Un atacante no autenticado puede abusar del endpoint como un proxy abierto a Mailchimp, lo que podría desencadenar llamadas a la API no autorizadas, manipular datos de suscripción, agotar las cuotas de la API o causar consumo de recursos en el sitio de WordPress afectado.
Summary	(en) ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates certain parameters, including the list parameter, when constructing upstream Mailchimp API requests. An unauthenticated attacker can abuse the endpoint as an open proxy to Mailchimp, potentially triggering unauthorized API calls, manipulating subscription data, exhausting API quotas, or causing resource consumption on the affected WordPress site.	(en) ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates certain parameters, including the list parameter, when constructing upstream Mailchimp API requests. An unauthenticated attacker can abuse the endpoint as an open proxy to Mailchimp, potentially triggering unauthorized API calls, manipulating subscription data, exhausting API quotas, or causing resource consumption on the affected WordPress site.

23 Feb 2026, 21:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-23 21:19

Updated : 2026-02-24 19:21

NVD link : CVE-2026-23693

Mitre link : CVE-2026-23693

CVE.ORG link : CVE-2026-23693

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

10.0 /10