Lucene search
K

4 matches found

nvd
nvd
added 2023/01/10 5:15 p.m.22 views

CVE-2022-4705

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfinalsettingssetup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset...

4.3CVSS5AI score0.00603EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2023/01/10 4:55 p.m.13 views

CVE-2022-4705 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfinalsettingssetup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset...

4.3CVSS6.4AI score0.00603EPSS
Exploits1References3
cve
cve
added 2023/01/10 4:55 p.m.47 views

CVE-2022-4705

The CVE-2022-4705 entry concerns the WordPress plugin Royal Elementor Addons. Affected component: the wpr_final_settings_setup AJAX action (versions up to and including 1.3.59). Root cause: insufficient access control allowing any authenticated user (including subscribers) to finalize activation ...

4.3CVSS5.6AI score0.00603EPSS
Exploits1References4Affected Software1
patchstack
patchstack
added 2023/01/10 12:0 a.m.20 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4705 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID 52604a902691 Credits Ramuel Gall Required...

4.3CVSS6.8AI score0.00603EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder