CVE-2022-4701
Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site.
References
Third Party Advisory
Third Party Advisory
Third Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics