Insufficient Access Control in Royal Elementor Addons for WordPress
CVE-2022-4703
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 10 January 2023
What is CVE-2022-4703?
The Royal Elementor Addons plugin for WordPress contains a vulnerability due to insufficient access control in the 'wpr_reset_previous_import' AJAX action. This flaw enables authenticated users, including those with the lowest permission levels (such as subscribers), to reset previously imported data without proper authorization. As a result, unauthorized users can potentially manipulate site data, which poses risks for site integrity and security.
Affected Version(s)
Royal Elementor Addons (Elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & other Free Elementor Widgets) * <= 1.3.59