PT-2023-13945 · WordPress · Royal Elementor Addons

Krzysztof Zając · Published 2023-01-09 · Updated 2023-06-27 · CVE-2022-4102

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons WordPress plugin, versions prior to 1.3.56.

Description: The template deletion routine lacks authorization and CSRF checks, and it does not verify that the post selected for deletion is actually a template. Any authenticated user, including a subscriber, could therefore delete arbitrary posts, provided they know the related slug.

Recommendations: For versions prior to 1.3.56, update to version 1.3.56 or later to resolve the issue. As a temporary workaround, restrict access to the template deletion functionality to minimize the risk of exploitation.
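The three controls the description says were missing (a CSRF nonce, a capability check on the specific post, and a post-type check) are shown together in the following WordPress AJAX handler. This is an added illustration written for this page; it is not Royal Elementor Addons code and does not reflect how the plugin resolves templates. The action name `acme_delete_template`, the nonce action of the same name, and the template post type `acme_template` are hypothetical placeholders.

```php
<?php
// Added illustration (not Royal Elementor Addons code): a WordPress AJAX
// handler that deletes a "template" post only after the checks the advisory
// describes as missing. Action name, nonce action and post type are
// hypothetical placeholders.

// wp_ajax_* actions only fire for logged-in users; everything below assumes
// an authenticated request and decides whether *this* user may delete *this* post.
add_action( 'wp_ajax_acme_delete_template', 'acme_delete_template_handler' );

function acme_delete_template_handler() {
    // 1. CSRF: the request must carry a nonce tied to this action. The nonce is
    //    issued server-side with wp_create_nonce( 'acme_delete_template' ) and
    //    passed to the page script (for example via wp_localize_script()).
    //    check_ajax_referer() terminates with HTTP 403 when it is missing or invalid.
    check_ajax_referer( 'acme_delete_template', 'nonce' );

    // Resolve the target by slug, but only within the template post type, so the
    // slug of an ordinary post or page does not resolve to anything deletable.
    $slug = isset( $_POST['slug'] ) ? sanitize_title( wp_unslash( $_POST['slug'] ) ) : '';
    if ( '' === $slug ) {
        wp_send_json_error( array( 'message' => 'Missing template slug.' ), 400 );
    }

    $post = get_page_by_path( $slug, OBJECT, 'acme_template' );
    if ( ! $post instanceof WP_Post ) {
        wp_send_json_error( array( 'message' => 'Template not found.' ), 404 );
    }

    // 2. Type check: explicit, so a later change to the lookup above cannot
    //    silently widen the set of posts this endpoint will delete.
    if ( 'acme_template' !== get_post_type( $post ) ) {
        wp_send_json_error( array( 'message' => 'Not a template.' ), 400 );
    }

    // 3. Authorization: 'delete_post' is a meta capability that WordPress maps
    //    to delete_posts / delete_others_posts / delete_published_posts for the
    //    given post, so a subscriber (or an author on someone else's post) fails here.
    if ( ! current_user_can( 'delete_post', $post->ID ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $deleted = wp_delete_post( $post->ID, true );
    if ( ! $deleted ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }

    wp_send_json_success( array( 'deleted' => $post->ID ) );
}
```

The order matters for review: the nonce check runs before any lookup, the lookup is already scoped to the template post type, and the capability check is made against the resolved post ID rather than a blanket `is_user_logged_in()`. Any one of these omitted reproduces a variant of the weakness described above.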

Weakness Enumeration: CSRF; Missing Authorization

Related Identifiers: CVE-2022-4102

Affected Products: Royal Elementor Addons