CVE-2023-5922: Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read
First published: Tue Jan 16 2024(Updated: )
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Royal Elementor Addons | <1.3.81 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-5922?
CVE-2023-5922 is classified as a high severity vulnerability due to the potential for unauthorized access to private content.
How do I fix CVE-2023-5922?
To fix CVE-2023-5922, update the Royal Elementor Addons WordPress plugin to version 1.3.81 or later.
Who is affected by CVE-2023-5922?
CVE-2023-5922 affects users of the Royal Elementor Addons and Templates WordPress plugin prior to version 1.3.81.
What type of vulnerability is CVE-2023-5922?
CVE-2023-5922 is a security vulnerability that allows unauthenticated users to access draft and private posts via AJAX actions.
Is there a workaround for CVE-2023-5922 if I cannot update the plugin?
As a temporary workaround for CVE-2023-5922, consider disabling AJAX actions in the plugin settings until you can perform the update.
- agent/weakness
- agent/author
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/royal-elementor-addons
- canonical/royal elementor addons