CVE-2022-4708
Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed.
References
Third Party Advisory
Third Party Advisory
Third Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics