GHSA-r3f5-wxc6-qc5c
GitHub Security Advisory
⚠ Unreviewed
MODERATE
Has CVE
Advisory Details
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: November 26, 2025 6:30 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.