WordPress Plugin Vulnerabilities

Royal Elementor Addons < 1.3.60 - Subscriber+ Template Kit Import

Description

The plugin does not have authorisation and CSRF checks when importing and activating template from the vendor library, which could allow any authenticated user, such as subscriber to perform such action

Affects Plugins

Plugin icon
royal-elementor-addons
Fixed in 1.3.60

References

CVE
CVE-2022-4709
URL
https://www.wordfence.com/blog/2023/01/eleven-vulnerabilities-patched-in-royal-elementor-addons/

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ramuel Gall
Verified
No
WPVDB ID
103b2f28-2311-46f1-9a28-1f35fa07e8c4

Timeline

Publicly Published
2023-01-10 (about 3 years ago)
Added
2023-01-10 (about 3 years ago)
Last Updated
2023-01-10 (about 3 years ago)

Other

Published
Title
Published
2025-08-14
Title
Stratus <= 4.2.5 - Missing Authorization
Published
2025-09-22
Title
Cecabank WooCommerce Plugin < 0.3.5 - Missing Authorization
Published
2026-01-23
Title
Meta-box GalleryMeta < 3.1 - Missing Authorization to Authenticated (Author+) Gallery Management
Published
2024-08-01
Title
WordPress File Upload < 4.24.8 - Missing Authorization
Published
2024-08-02
Title
File Manager Pro – Filester < 1.8.3 - Authenticated Plugin Settings Update