Royal-elementor-addons

Royal Elementor Addons

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-4707

  • EPSS 0.35%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 08.04.2026 18:17:36

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenti...

4.3

CVE-2022-4705

  • EPSS 0.6%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 08.04.2026 17:16:47

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-l...

8.1

CVE-2022-4704

  • EPSS 0.79%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 08.04.2026 18:17:36

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-l...

8.1

CVE-2022-4703

  • EPSS 0.95%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 08.04.2026 18:17:35

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-...

6.5

CVE-2022-4702

  • EPSS 0.8%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 08.04.2026 19:17:57

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscribe...

8.8

CVE-2022-4701

  • EPSS 0.75%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 08.04.2026 18:17:35

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscri...

8.8

CVE-2022-4700

  • EPSS 0.82%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 08.04.2026 19:17:57

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscribe...

3.1

CVE-2022-4102

Exploit
  • EPSS 0.25%
  • Veröffentlicht 09.01.2023 23:15:27
  • Zuletzt bearbeitet 09.04.2025 19:15:45

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscriber...

4.3

CVE-2022-4103

Exploit
  • EPSS 0.26%
  • Veröffentlicht 09.01.2023 23:15:27
  • Zuletzt bearbeitet 09.04.2025 14:15:25

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to c...