Vulnerabilities > Royal Elementor Addons
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-10 | CVE-2022-4704 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. | 8.1 |
| 2023-01-10 | CVE-2022-4705 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. | 4.3 |
| 2023-01-10 | CVE-2022-4707 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4708 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4709 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4710 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. | 6.1 |
| 2023-01-10 | CVE-2022-4711 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. | 4.3 |
| 2023-01-09 | CVE-2022-4102 | Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. | 3.1 |
| 2023-01-09 | CVE-2022-4103 | Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. | 4.3 |