5 matches found
CVE-2022-4102
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...
WordPress The Royal Elementor Addons Plugin < 1.3.56 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:royal-elementor-addons:royalelementoraddons"; if description...
CVE-2022-4102 Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...
CVE-2022-4102 Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...
CVE-2022-4102
The CVE-2022-4102 entry concerns the Royal Elementor Addons WordPress plugin (pre-1.3.56). The vulnerability arises from missing authorization and CSRF checks when deleting a template, and it does not verify that the target post is actually a template. This can allow any authenticated user (e.g.,...