CVE-2023-5922
CVE-2023-5922 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content. EPSS estimates a 0.71% chance of exploitation in the next 30 days.
Description
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access the content of arbitrary draft, private and password-protected posts and pages.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Royal-Elementor-Addons | Royal Elementor Addons | < 1.3.81 |
References
- https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/ (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
