3 matches found
CVE-2022-4701 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredplugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2022-4701
The CVE-2022-4701 entry concerns the WordPress plugin Royal Elementor Addons. Affected: versions up to and including 1.3.59. Root cause: insufficient access control in the wpr_activate_required_plugins AJAX action, enabling any authenticated user (including subscriber-level) to activate certain i...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4701 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID d49799edf75b Credits Ramuel Gall Required...