logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2022-4711

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2022-4711

Description:
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item.
Last updated date:
07/11/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/14/2023
Reference url to background

https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/admin/mega-menu.php?rev=2809656

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy