Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

wproyal

royal_elementor_kit

2 Versions 2 CVEs

Versions

1.0.116

SEMANTIC 2 CVEs

0

SINGLE_NUMBER 1 CVE

Recent CVEs

CVE-2024-32773

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116.

MEDIUM Apr 24, 2024

CVE-2024-0835

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values.

MEDIUM Feb 05, 2024