Vulnerabilities > Royal Elementor Addons

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2023-5922 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content
network
low complexity
royal-elementor-addons
7.5
2023-10-31 CVE-2023-5360 Unrestricted Upload of File with Dangerous Type vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
network
low complexity
royal-elementor-addons CWE-434
critical
9.8
2023-10-06 CVE-2022-47175 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
network
low complexity
royal-elementor-addons
8.8
2023-01-10 CVE-2022-4700 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
8.8
2023-01-10 CVE-2022-4701 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
8.8
2023-01-10 CVE-2022-4702 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
6.5
2023-01-10 CVE-2022-4703 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
8.1
2023-01-10 CVE-2022-4704 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
8.1
2023-01-10 CVE-2022-4705 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
4.3
2023-01-10 CVE-2022-4707 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
6.5