Insufficient Access Control in Royal Elementor Addons Plugin for WordPress
CVE-2022-4709
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 10 January 2023
What is CVE-2022-4709?
The Royal Elementor Addons plugin for WordPress contains a vulnerability due to insufficient access control in the 'wpr_import_library_template' AJAX action. This flaw affects versions up to and including 1.3.59, allowing any authenticated user, even those with only subscriber-level permissions, to import and activate templates from the plugin's library. This can lead to unauthorized modifications and potentially malicious activity on the affected WordPress sites.
Affected Version(s)
Royal Elementor Addons (Elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & other Free Elementor Widgets) * <= 1.3.59