CVE-2022-4700
published 2023-01-10CVE-2022-4700: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up…
PriorityP275high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.82%
52.6th percentile
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| royal-elementor-addons | royal_elementor_addons | <= 1.3.59 | — |
| wproyal | royal_addons_for_elementor_addons_and_templates_kit_for_elementor | <= 1.3.59 | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck5.4MEDIUM
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-48w7-7v5c-hxxv: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versi
ghsa_unreviewed·2023-01-10
CVE-2022-4700 [HIGH] CWE-284 GHSA-48w7-7v5c-hxxv: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versi
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.
VulnCheck
Royal Elementor Addons plugin for WordPress wpr_activate_required_theme Vulnerability
vulncheck·2022·CVSS 5.4
CVE-2022-4700 [MEDIUM] Royal Elementor Addons plugin for WordPress wpr_activate_required_theme Vulnerability
Royal Elementor Addons plugin for WordPress wpr_activate_required_theme Vulnerability
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.
Affected: royal-elementor-addons royal_elementor_addons
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-i
Red Hat
kernel: i2c: designware: use casting of u64 in clock multiplication to avoid overflow
vendor_redhat·2025-03-27·CVSS 5.5
CVE-2022-49749 [MEDIUM] CWE-190 kernel: i2c: designware: use casting of u64 in clock multiplication to avoid overflow
kernel: i2c: designware: use casting of u64 in clock multiplication to avoid overflow
In the Linux kernel, the following vulnerability has been resolved:
i2c: designware: use casting of u64 in clock multiplication to avoid overflow
In functions i2c_dw_scl_lcnt() and i2c_dw_scl_hcnt() may have overflow
by depending on the values of the given parameters including the ic_clk.
For example in our use case where ic_clk is larger than one million,
multiplication of ic_clk * 4700 will result in 32 bit overflow.
Add cast of u64 to the calculation to avoid multiplication overflow, and
use the corresponding define for divide.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not a
No detection rules found.
No public exploits indexed.
https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/admin/templates-kit.php?rev=2833046https://www.wordfence.com/blog/2023/01/eleven-vulnerabilities-patched-in-royal-elementor-addons/https://www.wordfence.com/threat-intel/vulnerabilities/id/cdd464ad-24bc-4922-8bfa-ac42fbe60b52?source=cvehttps://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/admin/templates-kit.php?rev=2833046https://www.wordfence.com/blog/2023/01/eleven-vulnerabilities-patched-in-royal-elementor-addons/https://www.wordfence.com/threat-intel/vulnerabilities/id/cdd464ad-24bc-4922-8bfa-ac42fbe60b52
2023-01-10
Published
Exploited in the wild