Vulnerabilities > Royal Elementor Addons > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-07 | CVE-2024-31236 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.93. | 5.4 |
| 2024-02-08 | CVE-2024-0511 | Cross-Site Request Forgery (CSRF) vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. | 4.3 |
| 2024-02-05 | CVE-2024-0835 | Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor KIT The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. | 4.3 |
| 2023-01-10 | CVE-2022-4702 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4705 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. | 4.3 |
| 2023-01-10 | CVE-2022-4707 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4708 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4709 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4710 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. | 6.1 |
| 2023-01-10 | CVE-2022-4711 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. | 4.3 |