PT-2022-27365 · WordPress · Mega Addons

Marco Wotschka · Published 2022-12-14 · Updated 2022-12-20 · CVE-2022-4501

CVSS v3.1

7.1 High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Mega Addons plugin for WordPress versions up to, and including, 4.2.7

Description

The issue is related to authorization bypass due to a missing capability check on the vc saving data function. This allows authenticated attackers with subscriber-level permissions and above to update the plugin's settings.

Recommendations

For Mega Addons plugin for WordPress versions up to, and including, 4.2.7, update to a version higher than 4.2.7 to resolve the issue. As a temporary workaround, consider restricting access to the vc saving data function to prevent unauthorized updates to the plugin's settings.
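
The kind of check whose absence is described above, shown as an added example that is not code from the Mega Addons plugin. It assumes the settings are saved through an admin-ajax handler and that `manage_options` is the capability that should be required; the action, nonce, option and function names are hypothetical.

```php
<?php
// Added illustration only: every example_* name below is hypothetical
// and is not taken from the Mega Addons source.

// wp_ajax_{action} hooks fire for ANY logged-in user, subscribers
// included. Registering the hook is therefore not an authorization
// check; the handler has to perform one itself.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. Capability check: only users allowed to manage site options
    //    may change plugin settings. Without this block, a subscriber
    //    session reaches update_option() below.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. Nonce check: a capability check alone does not stop
    //    cross-site request forgery against an administrator.
    //    The nonce is assumed to be issued on the settings page with
    //    wp_create_nonce( 'example_save_settings' ) and posted back
    //    in the 'nonce' field.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 3. Accept only an allow-list of known setting keys and sanitize
    //    each value before it is stored.
    $allowed  = array( 'example_title', 'example_color' );
    $settings = array();
    foreach ( $allowed as $key ) {
        if ( isset( $_POST[ $key ] ) ) {
            $settings[ $key ] = sanitize_text_field( wp_unslash( $_POST[ $key ] ) );
        }
    }

    update_option( 'example_plugin_settings', $settings );
    wp_send_json_success();
}
```

When reviewing other plugins for the same weakness, look for `wp_ajax_` handlers that write options or post data without calling `current_user_can()` before the write.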

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-4501

Affected Products

Mega Addons