← Volver a CVEs
CVE-2023-5922
HIGH7.5
Descripcion
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/16/2024
Ultima modificacion6/2/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
royal-elementor-addons:royal_elementor_addons
Referencias
https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/(contact@wpscan.com)
https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.