11 matches found
CVE-2026-2918
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha_condition_update AJAX action. This is due to the validate_reqeust method using current_user_can('edit_posts', $template_id) instead of...
CVE-2026-2918
CVE-2026-2918 affects Happy Addons for Elementor (WordPress) up to version 3.21.0. The issue stems from insecure object handling: ha_condition_update uses current_user_can('edit_posts', template_id) instead of proper per-object authorization, and ha_get_current_condition lacks a capability check,...
CVE-2026-2918 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha_condition_update AJAX action. This is due to the validate_reqeust method using current_user_can('edit_posts', $template_id) instead of...
WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability
Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions <= 3.21.0...
EUVD-2022-52020
Malicious code in bioql PyPI...
CVE-2022-4708
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions und...
CVE-2022-4708
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions und...
CVE-2022-4708
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions und...
CVE-2022-4708
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions und...
CVE-2022-4708 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions und...
PT-2023-15156 · WordPress · Royal Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59. Description: The issue is related to insufficient access control in the 'wpr_save_template_conditions' AJAX action. This allows any authenticated user,...