CVE-2022-4709
Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library.
References
Third Party Advisory
Third Party Advisory
Third Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics