7.5
CVE-2023-5922
- EPSS 1.05%
- Veröffentlicht 16.01.2024 16:15:13
- Zuletzt bearbeitet 02.06.2025 15:15:25
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginRoyal Elementor Addons and Templates <= 1.3.80 - Missing Authorization to Private/Password Protected Post Read
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content
Mögliche Gegenmaßnahme
Royal Addons for Elementor – Addons and Templates Kit for Elementor: Update to version 1.3.81, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Royal Addons for Elementor – Addons and Templates Kit for Elementor
Version
*-1.3.80
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Royal-elementor-addons ≫ Royal Elementor Addons SwPlatformwordpress Version < 1.3.81
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.05% | 0.769 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|