5 matches found
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
CVE-2022-4711
CVE-2022-4711 affects the WordPress plugin Royal Elementor Addons (versions up to 1.3.59). The issue is insufficient access control in the wpr_save_mega_menu_settings AJAX action, enabling any authenticated user (including subscribers) to enable/modify Mega Menu settings for any menu item. Remedi...
CVE-2022-4711 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4711 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID 242bc7b4f228 Credits Ramuel Gall Required...
VulnCheck KEV: CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify...