CVE-2022-4102 - Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons

CVSS 3.1 - LOW
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
CWE-862

Summary

The Royal Elementor Addons WordPress plugin before 1.3.56 does not perform authorization or CSRF checks when deleting a template, and does not ensure that the post to be deleted is a template. This could allow any authenticated user, such as a subscriber, to delete arbitrary posts, assuming they know the related slug.

Vulnerable Configurations

Part         Description             Count
Application  Royal-Elementor-Addons  31

Common Weakness Enumeration (CWE)