Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:25 a.m.11 views

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

4.3CVSS6.6AI score0.00688EPSS
Exploits2References1
CVE
CVE
added 2023/01/10 4:55 p.m.50 views

CVE-2022-4711

CVE-2022-4711 affects the WordPress plugin Royal Elementor Addons (versions up to 1.3.59). The issue is insufficient access control in the wpr_save_mega_menu_settings AJAX action, enabling any authenticated user (including subscribers) to enable/modify Mega Menu settings for any menu item. Remedi...

4.3CVSS4.8AI score0.00688EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/10 4:55 p.m.11 views

CVE-2022-4711 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

4.3CVSS6.5AI score0.00688EPSS
Exploits2References3
Patchstack
Patchstack
added 2023/01/10 12:0 a.m.13 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4711 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID 242bc7b4f228 Credits Ramuel Gall Required...

4.3CVSS6.8AI score0.00688EPSS
Exploits2References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/01/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify...

4.3CVSS6.5AI score0.00688EPSS
Exploits2References1
Rows per page
Query Builder