CVE-2023-3709
published 2023-07-18CVE-2023-3709: The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin…
PriorityP429medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.58%
43.3th percentile
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 5.11.0 < 5.15.150 | 5.15.150 |
| linux | linux_kernel | >= 5.16.0 < 6.1.42 | 6.1.42 |
| linux | linux_kernel | >= 5.3.0 < 5.4.251 | 5.4.251 |
| linux | linux_kernel | >= 5.5.0 < 5.10.188 | 5.10.188 |
| linux | linux_kernel | >= 6.2.0 < 6.4.7 | 6.4.7 |
| royal-elementor-addons | royal_elementor_addons | <= 1.3.70 | — |
| wproyal | royal_addons_for_elementor_addons_and_templates_kit_for_elementor | <= 1.3.70 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vendor_redhat5.2MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
devlink: report devlink_port_type_warn source device
osv·2025-12-09
CVE-2023-53841 devlink: report devlink_port_type_warn source device
devlink: report devlink_port_type_warn source device
In the Linux kernel, the following vulnerability has been resolved:
devlink: report devlink_port_type_warn source device
devlink_port_type_warn is scheduled for port devlink and warning
when the port type is not set. But from this warning it is not easy
found out which device (driver) has no devlink port set.
[ 3709.975552] Type was not set for devlink port.
[ 3709.975579] WARNING: CPU: 1 PID: 13092 at net/devlink/leftover.c:6775 devlink_port_type_warn+0x11/0x20
[ 3709.993967] Modules linked in: openvswitch nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nfnetlink bluetooth rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs vhost_net vhost vhost_iotlb tap tun bridge stp llc qrtr intel_rapl_msr
GHSA
GHSA-6j7m-gh9c-97r6: The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1
ghsa_unreviewed·2023-07-18
CVE-2023-3709 [MEDIUM] CWE-200 GHSA-6j7m-gh9c-97r6: The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.
Red Hat
kernel: devlink: report devlink_port_type_warn source device
vendor_redhat·2025-12-09·CVSS 5.2
CVE-2023-53841 [MEDIUM] CWE-392 kernel: devlink: report devlink_port_type_warn source device
kernel: devlink: report devlink_port_type_warn source device
In the Linux kernel, the following vulnerability has been resolved:
devlink: report devlink_port_type_warn source device
devlink_port_type_warn is scheduled for port devlink and warning
when the port type is not set. But from this warning it is not easy
found out which device (driver) has no devlink port set.
[ 3709.975552] Type was not set for devlink port.
[ 3709.975579] WARNING: CPU: 1 PID: 13092 at net/devlink/leftover.c:6775 devlink_port_type_warn+0x11/0x20
[ 3709.993967] Modules linked in: openvswitch nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nfnetlink bluetooth rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs vhost_net vhost vhost_iotlb tap tun bridge stp llc qrtr intel_rap
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2938619%40royal-elementor-addons&new=2936984%40royal-elementor-addons&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/86c9bcf1-c69e-47ca-b74b-8ce6157f520b?source=cvehttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2938619%40royal-elementor-addons&new=2936984%40royal-elementor-addons&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/86c9bcf1-c69e-47ca-b74b-8ce6157f520b?source=cve
2023-07-18
Published