Authentication Bypass by Spoofing Vulnerability Affects Royal Elementor Addons
CVE-2024-32786

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Royal Elementor Addons
Vendor: CVE Published:; 17 May 2024

Summary

The Royal Elementor Addons plugin by WP Royal contains an authentication bypass vulnerability that enables attackers to bypass intended security checks. This flaw can lead to unauthorized functionality access, posing a risk to the integrity of websites using this plugin. The affected versions range from n/a up to 1.3.93, highlighting the need for users to update to secure their sites against potential exploitation.

Affected Version(s)

Royal Elementor Addons <= 1.3.93

References

https://patchstack.com/database/vulnerability/royal-eleme...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Brandon Roldan (Patchstack Alliance)