Lucene search
WpvulndbWPVDB-ID:0932E661-FD6C-480B-A709-C84EC7EF1DD5HistoryJan 10, 2023 - 12:00 a.m.
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Template Import
2023-01-1000:00:00
wpscan.com
6
plugin
authorisation
csrf
templates
user
subscriber
security
0.001 Low
EPSS
Percentile
38.1%
The plugin does not have authorisation and CSRF checks when importing templates, which could allow any authenticated user, such as subscriber to perform such action
| CPE | Name | Operator | Version |
|---|---|---|---|
| royal-elementor-addons | lt | 1.3.60 |
Related
prion
prion
Improper access control
2023-01-10 17:15:00
Improper access control
2023-01-10 17:15:00
cvelist
cvelist
CVE-2022-4704
2023-01-10 16:55:34
CVE-2022-4705
2023-01-10 16:55:38
nvd
nvd
CVE-2022-4704
2023-01-10 17:15:11
CVE-2022-4705
2023-01-10 17:15:11
cve
cve
CVE-2022-4704
2023-01-10 17:15:11
CVE-2022-4705
2023-01-10 17:15:11
wordfence
wordfence
Eleven Vulnerabilities Patched in Royal Elementor Addons
2023-01-10 16:41:21
packetstorm
packetstorm
WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls
2023-01-11 00:00:00
openvas
openvas