Vulnerabilities > CVE-2024-10798 - Authorization Bypass Through User-Controlled Key vulnerability in Royal-Elementor-Addons Royal Elementor Addons

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
royal-elementor-addons
CWE-639

Summary

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.

Vulnerable Configurations

Part Description Count
Application
Royal-Elementor-Addons
89