← Voltar para CVEs
CVE-2023-5922
HIGH7.5
Descricao
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/16/2024
Ultima modificacao6/2/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
royal-elementor-addons:royal_elementor_addons
Referencias
https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/(contact@wpscan.com)
https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.