Vulnerabilities > CVE-2023-5922 - Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
royal-elementor-addons

Summary

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content

Vulnerable Configurations

Part Description Count
Application
Royal-Elementor-Addons
52