CVE-2022-4705

Name of the Vulnerable Software and Affected Versions The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59

Description The issue is related to insufficient access control in the 'wpr final settings setup' AJAX action. This allows any authenticated user to finalize activation of preset site configuration templates.

Recommendations For versions up to, and including, 1.3.59, update to a version higher than 1.3.59 to resolve the issue. As a temporary workaround, consider restricting access to the 'wpr final settings setup' AJAX action to prevent unauthorized users from finalizing activation of preset site configuration templates.