Vulnerabilities > Royal Elementor Addons > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-10 | CVE-2022-4708 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4709 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
| 2023-01-10 | CVE-2022-4710 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. | 6.1 |
| 2023-01-10 | CVE-2022-4711 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. | 4.3 |
| 2023-01-09 | CVE-2022-4103 | Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. | 4.3 |