CVE-2022-4704

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprimporttemplateskit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site...

CVE-2022-4704

creationtimestamp| type| source ---|---|--- 2023-01-10 20:28:48+00:00| seen| https://t.me/cibsecurity/56249 2023-01-10 20:28:50+00:00| seen| https://t.me/cibsecurity/56251...

Improper access control

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfinalsettingssetup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset...

CVE-2022-4704

Summary of confirmed details: The Royal Elementor Addons plugin for WordPress is vulnerable via the wpr_import_templates_kit AJAX action, with affected versions up to and including 1.3.59. The issue is insufficient access control, allowing any authenticated user (including subscriber-level) to im...

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4704 Patch priority Medium CVSS severity Medium 5.4 Developer WProyal PSID 11224a1dc02d Credits Ramuel Gall Required...