CVE-2022-4700 – Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation
https://notcve.org/view.php?id=CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme. WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, cross site scripting vulnerabilities. • https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/admin/templates-kit.php?rev=2833046 https://www.wordfence.com/blog/2023/01/eleven-vulnerabilities-patched-in-royal-elementor-addons https://www.wordfence.com/threat-intel/vulnerabilities/id/cdd464ad-24bc-4922-8bfa-ac42fbe60b52 • CWE-284: Improper Access Control •
CVE-2022-4702 – Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Deactivation
https://notcve.org/view.php?id=CVE-2022-4702
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues. WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, cross site scripting vulnerabilities. • https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/admin/templates-kit.php?rev=2833046 https://www.wordfence.com/blog/2023/01/eleven-vulnerabilities-patched-in-royal-elementor-addons https://www.wordfence.com/threat-intel/vulnerabilities/id/cb47b6cc-87e4-4d29-bbc7-6d7552bc3943 • CWE-284: Improper Access Control •
CVE-2022-4710 – Royal Elementor Addons <= 1.3.59 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-4710
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, cross site scripting vulnerabilities. • https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/classes/wpr-ajax-search.php?rev=2809656 https://www.wordfence.com/blog/2023/01/eleven-vulnerabilities-patched-in-royal-elementor-addons https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6c6ce4-9944-4c8e-89aa-6a2e870ef205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4711 – Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update
https://notcve.org/view.php?id=CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item. El complemento Royal Elementor Addons para WordPress es vulnerable a un control de acceso insuficiente en la acción AJAX 'wpr_save_mega_menu_settings' en versiones hasta la 1.3.59 inclusive. Esto permite que cualquier usuario autenticado, incluidos aquellos con permisos de nivel de suscriptor, habilite y modifique la configuración del Mega Menú para cualquier elemento del menú. WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, cross site scripting vulnerabilities. • https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/admin/mega-menu.php?rev=2809656 https://www.wordfence.com/blog/2023/01/eleven-vulnerabilities-patched-in-royal-elementor-addons https://www.wordfence.com/threat-intel/vulnerabilities/id/c23e9810-40ea-43e2-9292-f05f300a7ddf • CWE-284: Improper Access Control •
CVE-2022-4103 – Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation
https://notcve.org/view.php?id=CVE-2022-4103
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title El complemento Royal Elementor Addons de WordPress anterior a 1.3.56 no tiene autorización ni verificaciones CSRF al crear una plantilla, y no garantiza que la publicación creada sea una plantilla. Esto podría permitir a cualquier usuario autenticado, como un suscriptor, crear una publicación (así como cualquier tipo de publicación) con un título arbitrario. The Royal Elementor Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check during template creation in the function wpr_create_template in versions up to, and including, 1.3.55. Furthermore, the plugin does not verify whether the created post is a template. • https://wpscan.com/vulnerability/5e1244f7-39b5-4f37-8fef-e3f35fc388f1 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •