| |
Vulnerability CVE-2022-4102
Published: 2023-01-09 Modified: 2023-01-10
| Description: |
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug. |
Type:
CWE-352 (Cross-Site Request Forgery (CSRF))
References: |
https://wpscan.com/vulnerability/c177f763-0bb5-4734-ba2e-7ba816578937
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
