Lucene search
PRIOn knowledge basePRION:CVE-2022-4705HistoryJan 10, 2023 - 5:15 p.m.
Improper access control
2023-01-1017:15:00
PRIOn knowledge base
www.prio-n.com
4
wordpress
plugin
vulnerability
access control
ajax
cve-2022-4704
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ‘wpr_final_settings_setup’ AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704.
| CPE | Name | Operator | Version |
|---|---|---|---|
| royal_elementor_addons | le | 1.3.59 |
Related
cve
cve
CVE-2022-4705
2023-01-10 17:15:11
CVE-2022-4704
2023-01-10 17:15:11
nvd
nvd
CVE-2022-4705
2023-01-10 17:15:11
CVE-2022-4704
2023-01-10 17:15:11
cvelist
cvelist
CVE-2022-4705
2023-01-10 16:55:38
CVE-2022-4704
2023-01-10 16:55:34
prion
prion
Improper access control
2023-01-10 17:15:00
wpvulndb
wpvulndb
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Template Activation
2023-01-10 00:00:00
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Template Import
2023-01-10 00:00:00
openvas
openvas
wordfence
wordfence
Eleven Vulnerabilities Patched in Royal Elementor Addons
2023-01-10 16:41:21
packetstorm
packetstorm
WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls
2023-01-11 00:00:00