Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total44
Critical1
High5
Medium38
Reset
Showing 41-44 of 44 records
Threat Entry Updated 2024-11-21

CVE-2024-0511 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Royal Elementor Addons

CVE-2024-0511

MEDIUM CVSS 4.3 2024-02-08
Open Full Technical Breakdown
Threat Entry Updated 2025-06-02

CVE-2023-5922 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content

PLUGIN Royal Elementor Addons

CVE-2023-5922

HIGH CVSS 7.5 2024-01-16
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-5360 - Royal Elementor Addons Plugin

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

PLUGIN Royal Elementor Addons

CVE-2023-5360

CRITICAL CVSS 9.8 2023-10-31
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-3709 - Royal Elementor Addons Plugin

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.

PLUGIN Royal Elementor Addons

CVE-2023-3709

MEDIUM CVSS 5.3 2023-07-18
Open Full Technical Breakdown
Scroll to top