Unrated severityNVD Advisory· Published Jan 9, 2023· Updated Apr 9, 2025
Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion
CVE-2022-4102
Description
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <1.3.56
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/c177f763-0bb5-4734-ba2e-7ba816578937mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.