EUVD-2022-52014

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Royal Elementor Addons plugin allows unauthorized users to deactivate plugins and switch themes.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2022-4702	10 Jan 202317:15	–	attackerkb
Circl	CVE-2022-4702	10 Jan 202320:28	–	circl
CNNVD	WordPress plugin Royal Elementor Addons 安全漏洞	10 Jan 202300:00	–	cnnvd
CVE	CVE-2022-4702	10 Jan 202316:55	–	cve
Cvelist	CVE-2022-4702 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Deactivation	10 Jan 202316:55	–	cvelist
NVD	CVE-2022-4702	10 Jan 202317:15	–	nvd
OpenVAS	WordPress The Royal Elementor Addons Plugin < 1.3.60 Multiple Vulnerabilities	25 Apr 202300:00	–	openvas
OSV	CVE-2022-4702	10 Jan 202317:15	–	osv
Packet Storm	WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls	11 Jan 202300:00	–	packetstorm
Patchstack	WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control	10 Jan 202300:00	–	patchstack

[
  {
    "enisaIdVendor": [
      {
        "id": "8e850fa2-ac10-3ecc-a5a2-6a4d6bf0a0d2",
        "vendor": {
          "name": "wproyal"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "e8dd4da2-84fa-33f8-ac90-33e7d4bb240c",
        "product": {
          "name": "Royal Elementor Addons (Elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & other Free Elementor Widgets)"
        },
        "product_version": "* ≤1.3.59"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/blog/2023/01/eleven-vulnerabilities-patched-in-royal-elementor-addons/
plugins	www.plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/admin/templates-kit.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/cb47b6cc-87e4-4d29-bbc7-6d7552bc3943

03 Oct 2025 20:07Current

7High risk

Vulners AI Score7

CVSS 3.15.4 - 6.5

EPSS0.00394

SSVC