Royal-elementor-addons

Royal Elementor Addons

58 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2022-4705

  • EPSS 0.15%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:35:46

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-l...

8.1

CVE-2022-4704

  • EPSS 0.27%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:35:46

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-l...

8.1

CVE-2022-4703

  • EPSS 0.29%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:35:46

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-...

6.5

CVE-2022-4702

  • EPSS 0.21%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:35:45

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscribe...

8.8

CVE-2022-4701

  • EPSS 0.37%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:35:45

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscri...

8.8

CVE-2022-4700

  • EPSS 0.46%
  • Veröffentlicht 10.01.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:35:45

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscribe...

3.1

CVE-2022-4102

Exploit
  • EPSS 0.1%
  • Veröffentlicht 09.01.2023 23:15:27
  • Zuletzt bearbeitet 09.04.2025 19:15:45

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscriber...

4.3

CVE-2022-4103

Exploit
  • EPSS 0.07%
  • Veröffentlicht 09.01.2023 23:15:27
  • Zuletzt bearbeitet 09.04.2025 14:15:25

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to c...