Vulnerabilities > Royal Elementor Addons

DATE CVE VULNERABILITY TITLE RISK
2023-01-10 CVE-2022-4707 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
6.5
2023-01-10 CVE-2022-4708 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
6.5
2023-01-10 CVE-2022-4709 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
6.5
2023-01-10 CVE-2022-4710 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function.
network
low complexity
royal-elementor-addons
6.1
2023-01-10 CVE-2022-4711 Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59.
network
low complexity
royal-elementor-addons
4.3
2023-01-09 CVE-2022-4102 Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template.
network
high complexity
royal-elementor-addons CWE-862
3.1
2023-01-09 CVE-2022-4103 Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template.
network
low complexity
royal-elementor-addons CWE-862
4.3