Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
royal-elementor-addons royal elementor addons vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Royal-elementor-addons Royal Elementor Addons
12 Github repositories
NA
CVE-2023-3709
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated...
Royal-elementor-addons Royal Elementor Addons
NA
CVE-2023-5922
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private...
Royal-elementor-addons Royal Elementor Addons
NA
CVE-2022-4701
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permission...
Royal-elementor-addons Royal Elementor Addons
NA
CVE-2022-4705
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to...
Royal-elementor-addons Royal Elementor Addons
NA
CVE-2022-4707
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated malicious user...
Royal-elementor-addons Royal Elementor Addons
NA
CVE-2022-4710
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_f...
Royal-elementor-addons Royal Elementor Addons
NA
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
NA
CVE-2022-4702
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
NA
CVE-2022-4703
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, t...
Royal-elementor-addons Royal Elementor Addons
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »