Lucene search
WpvulndbWPVDB-ID:4CF099F2-415B-46F3-B67C-62BCDD85DB95HistoryJan 10, 2023 - 12:00 a.m.
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Import Deletion
2023-01-1000:00:00
wpscan.com
6
plugin
authorisation
csrf
deletion
imported content
authenticated user
0.001 Low
EPSS
Percentile
38.1%
The plugin does not have authorisation and CSRF checks when deleting imported content, which could allow any authenticated user, such as subscriber to perform such action
| CPE | Name | Operator | Version |
|---|---|---|---|
| royal-elementor-addons | lt | 1.3.60 |
Related
nvd
nvd
CVE-2022-4703
2023-01-10 17:15:11
cve
cve
CVE-2022-4703
2023-01-10 17:15:11
prion
prion
Improper access control
2023-01-10 17:15:00
cvelist
cvelist
CVE-2022-4703
2023-01-10 16:55:42
openvas
openvas
wordfence
wordfence
Eleven Vulnerabilities Patched in Royal Elementor Addons
2023-01-10 16:41:21
packetstorm
packetstorm
WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls
2023-01-11 00:00:00