CVE-2023-5922
HIGH 7.5
Description
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access the content of arbitrary draft, private and password-protected posts/pages.
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 1/16/2024
Last Modified: 6/2/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
royal-elementor-addons:royal_elementor_addons
References
https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/ (contact@wpscan.com)
https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.