The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
royal-elementor-addons royal elementor addons |