4 matches found
CVE-2022-4705
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfinalsettingssetup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset...
CVE-2022-4705 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfinalsettingssetup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset...
CVE-2022-4705
The CVE-2022-4705 entry concerns the WordPress plugin Royal Elementor Addons. Affected component: the wpr_final_settings_setup AJAX action (versions up to and including 1.3.59). Root cause: insufficient access control allowing any authenticated user (including subscribers) to finalize activation ...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4705 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID 52604a902691 Credits Ramuel Gall Required...