Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:35 a.m.9 views

CVE-2022-4102

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...

3.1CVSS6.7AI score0.00251EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/04/25 12:0 a.m.12 views

WordPress The Royal Elementor Addons Plugin < 1.3.56 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:royal-elementor-addons:royalelementoraddons"; if description...

4.3CVSS4.2AI score0.00262EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/01/09 10:13 p.m.5 views

CVE-2022-4102 Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...

3.9AI score0.00251EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/01/09 10:13 p.m.23 views

CVE-2022-4102 Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...

4.4AI score0.00251EPSS
Exploits1References1
CVE
CVE
added 2023/01/09 10:13 p.m.59 views

CVE-2022-4102

The CVE-2022-4102 entry concerns the Royal Elementor Addons WordPress plugin (pre-1.3.56). The vulnerability arises from missing authorization and CSRF checks when deleting a template, and it does not verify that the target post is actually a template. This can allow any authenticated user (e.g.,...

3.1CVSS3.8AI score0.00251EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder