Medium severity4.3NVD Advisory· Published Feb 5, 2024· Updated Apr 8, 2026
CVE-2024-0835
CVE-2024-0835
Description
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:royal-elementor-addons:royal_elementor_kit:*:*:*:*:*:wordpress:*:*Range: <=1.0.116
- Range: <=1.0.116
Patches
Vulnerability mechanics
References
3- themes.trac.wordpress.org/changesetnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2cnvdThird Party Advisory
- wordpress.org/themes/royal-elementor-kit/nvdProduct
News mentions
0No linked articles in our index yet.