CVE-2022-4103

Name of the Vulnerable Software and Affected Versions The Royal Elementor Addons WordPress plugin versions prior to 1.3.56

Description The issue is related to the lack of authorization and CSRF checks when creating a template. This could allow any authenticated users, such as subscribers, to create a post with an arbitrary title. The post created can be of any type.

Recommendations For versions prior to 1.3.56, update to version 1.3.56 or later to resolve the issue. As a temporary workaround, consider restricting template creation capabilities to only trusted users until the update is applied.