PT-2023-15150 · WordPress · Royal Elementor Addons

Ram +1 · Published 2023-01-10 · Updated 2023-01-13 · CVE-2022-4707

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59

Description

The issue is due to missing nonce validation in the wpr_create_mega_menu_template AJAX function, allowing unauthenticated attackers to create Mega Menu templates if they can trick an administrator into performing an action, such as clicking a link.

Recommendations

For versions up to, and including, 1.3.59, consider disabling the wpr_create_mega_menu_template AJAX function until a patch is available to prevent exploitation. Update to a version higher than 1.3.59 to fully resolve the issue.
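The missing check described above, shown as an added example that is not the plugin's source code: a WordPress AJAX handler without nonce validation beside a hardened form. The action names, the nonce field name, the post type and the capability are hypothetical choices for illustration.

```php
<?php
// Added illustration. All "example_*" names are hypothetical, not the plugin's code.
defined( 'ABSPATH' ) || exit;

// Unsafe pattern: a state-changing AJAX action with no nonce validation.
add_action( 'wp_ajax_example_create_template_unsafe', 'example_create_template_unsafe' );
function example_create_template_unsafe() {
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    // The admin's session cookie is the only thing checked by WordPress here,
    // so the handler cannot tell a forged cross-site request from a real one.
    $id = wp_insert_post( array(
        'post_title' => $title,
        'post_type'  => 'example_template', // hypothetical post type
    ) );
    wp_send_json_success( array( 'id' => $id ) );
}

// Hardened pattern: verify a per-user, per-action nonce and the capability first.
add_action( 'wp_ajax_example_create_template', 'example_create_template' );
function example_create_template() {
    // Third argument false: return the result instead of dying, so we control the reply.
    if ( ! check_ajax_referer( 'example_create_template', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }
    // A nonce proves intent, not authority; check the capability separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $id    = wp_insert_post( array(
        'post_title' => $title,
        'post_type'  => 'example_template',
    ) );
    wp_send_json_success( array( 'id' => $id ) );
}

// The admin page's own script receives the nonce and sends it as the "nonce" field.
add_action( 'admin_enqueue_scripts', 'example_expose_nonce' );
function example_expose_nonce() {
    wp_register_script( 'example-admin', '', array(), false, true );
    wp_enqueue_script( 'example-admin' );
    wp_localize_script( 'example-admin', 'ExampleAjax', array(
        'nonce' => wp_create_nonce( 'example_create_template' ),
    ) );
}
```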

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-4707

Affected Products

Royal Elementor Addons