CVE-2024-31236 – WordPress Royal Elementor Addons plugin <= 1.3.93 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31236
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.93.
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.93 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-plugin-1-3-93-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0511 – Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via wpr_update_form_action_meta
https://notcve.org/view.php?id=CVE-2024-0511
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88
• https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-0835 – Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update
https://notcve.org/view.php?id=CVE-2024-0835
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not arbitrary values.
• https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=
• https://wordpress.org/themes/royal-elementor-kit
• https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve
• CWE-862: Missing Authorization
CVE-2023-5922 – Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read
https://notcve.org/view.php?id=CVE-2023-5922
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password-protected posts/pages content.
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpr_get_page_content AJAX action in all versions up to, and including, 1.3.80. This makes it possible for unauthenticated attackers to view password-protected posts and pages.
• https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34
• CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2023-5360 – Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.3.78. This is due to insufficient file type validation in the handle_file_upload() function called via AJAX, which allows attackers to supply a preferred filetype extension to the 'allowed_file_types' parameter, with a special character, which makes it possible for the uploaded file to bypass their filter list. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
• https://github.com/Chocapikk/CVE-2023-5360
• https://github.com/1337r0j4n/CVE-2023-5360
• https://github.com/tucommenceapousser/CVE-2023-5360
• https://github.com/angkerithhack001/CVE-2023-5360-PoC
• https://github.com/phankz/Worpress-CVE-2023-5360
• https://github.com/sagsooz/CVE-2023-5360
• https://github.com/Pushkarup/CVE-2023-5360
• https://github.com/nastar-id/CVE-2023-5360
• https://github.com/Jenderal92/WP-CVE-2023-5360
• http://packetstormsecurity.com/files/175992/WordPress-Royal-Elemento
• CWE-434: Unrestricted Upload of File with Dangerous Type