Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
addons vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-4709
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
6.1
CVSSv3
CVE-2022-4710
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_f...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-47175
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
Royal-elementor-addons Royal Elementor Addons
7.5
CVSSv3
CVE-2023-5922
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private...
Royal-elementor-addons Royal Elementor Addons
3.1
CVSSv3
CVE-2022-4102
The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4103
The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-4701
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permission...
Royal-elementor-addons Royal Elementor Addons
9.8
CVSSv3
CVE-2020-10257
The ThemeREX Addons plugin prior to 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe...
Themerex Addons 1.70.3
Themerex Ozeum-museum
Themerex Chit Club-board Games
Themerex Addons 1.6.67
Themerex Yottis-simple Portfolio
Themerex Addons 1.6.66
Themerex Helion-agency \\&portfolio
Themerex Amuli
Themerex Addons 1.6.65
Themerex Nelson-barbershop \\+ Tattoo Salon
Themerex Hallelujah-church
Themerex Right Way
Themerex Prider-pride Fest
Themerex Addons 1.6.62.3
Themerex Mystik-esoterics
Themerex Skydiving And Flying Company
Themerex Addons 1.6.62.1
Themerex Dronex-aerial Photography Services
Themerex Addons 1.6.61.2
Themerex Samadhi-buddhist
Themerex Addons 1.6.61.3
Themerex Tantum-rent A Car\\, Rent A Bike\\, Rent A Scooter Multiskin Theme
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »