CVE-2022-4704
Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings.
References
Third Party Advisory
Third Party Advisory
Third Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics