Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
addons vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
3.1
CVSSv3
CVE-2022-4102
The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4103
The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-47175
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2024-0511
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for una...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-4701
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permission...
Royal-elementor-addons Royal Elementor Addons
6.5
CVSSv3
CVE-2022-4709
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
5.3
CVSSv3
CVE-2023-3709
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated...
Royal-elementor-addons Royal Elementor Addons
7.5
CVSSv3
CVE-2023-5922
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private...
Royal-elementor-addons Royal Elementor Addons
9.8
CVSSv3
CVE-2020-10257
The ThemeREX Addons plugin prior to 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe...
Themerex Addons 1.70.3
Themerex Ozeum-museum
Themerex Chit Club-board Games
Themerex Addons 1.6.67
Themerex Yottis-simple Portfolio
Themerex Addons 1.6.66
Themerex Helion-agency \\&portfolio
Themerex Amuli
Themerex Addons 1.6.65
Themerex Nelson-barbershop \\+ Tattoo Salon
Themerex Hallelujah-church
Themerex Right Way
Themerex Prider-pride Fest
Themerex Addons 1.6.62.3
Themerex Mystik-esoterics
Themerex Skydiving And Flying Company
Themerex Addons 1.6.62.1
Themerex Dronex-aerial Photography Services
Themerex Addons 1.6.61.2
Themerex Samadhi-buddhist
Themerex Addons 1.6.61.3
Themerex Tantum-rent A Car\\, Rent A Bike\\, Rent A Scooter Multiskin Theme
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »