PT-2024-15854 · WordPress · The Royal Elementor Kit

Sean Murphy · Published 2024-02-05 · Updated 2024-02-13 · CVE-2024-0835

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Royal Elementor Kit theme for WordPress, versions up to and including 1.0.116.

Description

The issue arises from a missing capability check on the dismissed handler function. This allows authenticated attackers with subscriber-level access or higher to update arbitrary transients to true.

Recommendations

Update to a version higher than 1.0.116 to resolve the issue. As a temporary workaround, consider restricting access to the dismissed handler function to minimize the risk of exploitation.
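
As an added example (not part of the original advisory and not the theme's code), this Python audit flags WordPress AJAX handlers that write transients or options without calling `current_user_can`, the pattern the description names. The embedded PHP sample and all of its action and function names are constructed and hypothetical.

```python
import re

# Constructed PHP sample. Action and function names are hypothetical, not the
# theme's real identifiers; the first handler mirrors the flaw described above.
SAMPLE_PHP = r"""<?php
add_action( 'wp_ajax_example_dismissed', 'example_dismissed_handler' );
add_action( 'wp_ajax_example_dismissed_safe', 'example_dismissed_handler_safe' );
function example_dismissed_handler() {
    set_transient( sanitize_key( $_POST['notice'] ), true, 0 );
    wp_die();
}

function example_dismissed_handler_safe() {
    check_ajax_referer( 'example_dismiss', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( -1, 403 );
    }
    $notice = sanitize_key( $_POST['notice'] );
    if ( in_array( $notice, array( 'example_rating_notice' ), true ) ) {
        set_transient( $notice, true, 0 );
    }
    wp_die();
}
"""

# String-callback hooks only; array callbacks such as [ $this, 'm' ] are not covered.
HOOK_RE = re.compile(r"add_action\(\s*['\"](wp_ajax_[\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")
WRITE_RE = re.compile(r"\b(set_transient|update_option)\s*\(")

def function_body(src, name):
    """Return the body of a named PHP function by brace matching (ignores braces in strings)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """List (action, handler, write_call) for AJAX handlers that write state with no capability check."""
    findings = []
    for action, handler in HOOK_RE.findall(src):
        body = function_body(src, handler) or ""
        write = WRITE_RE.search(body)
        if write and not re.search(r"\bcurrent_user_can\s*\(", body):
            findings.append((action, handler, write.group(1)))
    return findings
```

A finding is a lead for manual review, since a capability check may live in a helper the handler calls.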

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-0835

Affected Products

The Royal Elementor Kit