CVE-2023-5922
📋 TL;DR
This vulnerability in the Royal Elementor Addons and Templates WordPress plugin allows unauthenticated attackers to access draft, private, and password-protected posts/pages via AJAX endpoints. Any WordPress site using affected versions of this plugin is vulnerable to content disclosure.
💻 Affected Systems
- Royal Elementor Addons and Templates WordPress plugin
📦 What is this software?
Royal Elementor Addons and Templates is a WordPress plugin, published under the Royal Elementor Addons name, that adds widgets and page templates to the Elementor page builder. Its front-end widgets fetch content through WordPress's AJAX endpoint (wp-admin/admin-ajax.php), which is where the affected handlers live.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive unpublished content, confidential draft materials, or private posts containing proprietary information, leading to data breaches and intellectual property theft.
Likely Case
Unauthenticated users accessing restricted content they shouldn't see, potentially exposing draft articles, private announcements, or password-protected materials.
If Mitigated
If proper access controls and authentication checks are implemented, only authorized users can access restricted content as intended.
🎯 Exploit Status
Exploitation consists of sending crafted requests to the plugin's AJAX handlers through admin-ajax.php; no authentication, privileges or user interaction are required, and the endpoint is reachable on any site where the plugin is active.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.81
Vendor Advisory: https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Royal Elementor Addons and Templates'.
4. Click 'Update Now' if an update is offered.
5. Alternatively, download version 1.3.81 or later from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Royal Elementor Addons and Templates plugin until it can be updated. Pages built with the plugin's widgets will render without them while it is off, so expect visible layout breakage rather than data loss.
wp plugin deactivate royal-elementor-addons
Restrict AJAX endpoints
Use a web application firewall or .htaccess rules to block unauthenticated access to the AJAX endpoint. The Apache mod_rewrite rule below denies every admin-ajax.php request that carries an action parameter. That also disables legitimate AJAX features in the admin UI and on the front end (editor autosave, heartbeat, search and filter widgets, forms), so treat it as a short-lived emergency measure. This advisory does not list the plugin's action names, so the rule cannot be narrowed to them here; if you know them from your own logs, match them in the QUERY_STRING condition instead of action=.*
# Add to .htaccess (document root of the WordPress install):
RewriteEngine On
# Match the AJAX endpoint itself (case-insensitive)...
RewriteCond %{REQUEST_URI} ^/wp-admin/admin-ajax\.php [NC]
# ...only when an action is supplied in the query string. Actions sent in a
# POST body are not visible to RewriteCond, so a WAF rule is needed for those.
RewriteCond %{QUERY_STRING} action=.*
# Respond 403 Forbidden and stop processing further rules
RewriteRule .* - [F,L]
🧯 If You Can't Patch
- Disable the Royal Elementor Addons and Templates plugin immediately
- If the plugin must stay active, restrict /wp-admin/ and /wp-admin/admin-ajax.php to trusted IP ranges. Note that admin-ajax.php also serves anonymous front-end requests (search, filters, forms), so IP restrictions on it break those features for public visitors, and sites behind a CDN or reverse proxy must match on the real client address (for example X-Forwarded-For) rather than the proxy's
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Royal Elementor Addons and Templates version number
Check Version:
wp plugin get royal-elementor-addons --field=version
Verify Fix Applied:
Verify plugin version is 1.3.81 or higher in WordPress admin panel
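The check above can be scripted. The following is an added shell example, not part of this advisory or of the plugin project: it compares the installed version against 1.3.81 field by field, so that a version such as 1.3.9 is correctly treated as older than 1.3.81 (a plain string comparison gets this wrong). The wp-cli command and plugin slug are the ones used above; the function names and the --live flag are this example's own.

```shell
#!/bin/sh
# Added example: compare the installed Royal Elementor Addons version against
# the fixed release. Plugin slug and fixed version come from the advisory
# above; function names and the --live flag are this example's own.

FIXED_VERSION="1.3.81"

# version_lt A B: exit 0 when A is older than B, comparing dot-separated
# fields numerically (so 1.3.9 < 1.3.81). Non-numeric suffixes such as
# "-beta" are ignored and a missing field counts as 0.
version_lt() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}" y="${b%%.*}"
        a="${a#*.}"  b="${b#*.}"
        x="${x%%[!0-9]*}" y="${y%%[!0-9]*}"
        x="${x:-0}" y="${y:-0}"
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# royal_addons_vulnerable VERSION: exit 0 when VERSION predates the fix,
# 1 when it is 1.3.81 or newer, 2 when no version was given.
royal_addons_vulnerable() {
    [ -n "$1" ] || return 2
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed: read the installed version with wp-cli (run from the
# WordPress root) and print a verdict. Exit 0 = vulnerable, 1 = fixed,
# 2 = plugin missing or wp-cli unavailable.
check_installed() {
    installed=$(wp plugin get royal-elementor-addons --field=version 2>/dev/null) || {
        echo "royal-elementor-addons not installed or wp-cli unavailable"
        return 2
    }
    if royal_addons_vulnerable "$installed"; then
        echo "VULNERABLE: installed $installed is older than $FIXED_VERSION"
        return 0
    fi
    echo "OK: installed $installed is $FIXED_VERSION or newer"
    return 1
}

# Run the live check only when invoked as: sh check-royal-addons.sh --live
if [ "${1:-}" = "--live" ]; then
    check_installed
fi
```

The exit codes make the script usable from a fleet-wide loop (for example over `wp --path=... ` per site) to list which installs still need the update.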
📡 Detection & Monitoring
Log Indicators:
- Requests to /wp-admin/admin-ajax.php carrying an action parameter from clients that present no wordpress_logged_in_* cookie, especially repeated requests from one client that vary only the request parameters
- Responses from admin-ajax.php whose size or content corresponds to draft, private or password-protected posts that the requesting client should not be able to read
Network Indicators:
- HTTP POST (or GET) requests to /wp-admin/admin-ajax.php with action parameters from unexpected sources, scripted user agents (curl, python-requests) or at a rate no browser would produce
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND http_method="POST" AND NOT user_agent="WordPress/*")
The user_agent clause excludes WordPress's own loopback and WP-Cron traffic, but the query still matches every other POST to admin-ajax.php, including legitimate editor activity, so it is noisy on a busy site. Narrow it by excluding requests that carry a wordpress_logged_in_* cookie where the log records cookies, and group the remainder by source IP and action to surface scripted enumeration. Actions sent in a POST body do not appear in a standard access log; only query-string actions do.
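The following is an added shell/awk example, not from this advisory, that applies the detection logic above to an access log offline: it keeps only admin-ajax.php requests, drops those that carry a wordpress_logged_in_* cookie or come from WordPress's own loopback user agent, and counts the rest per source IP and action. It assumes the Apache log format given in the comment (combined log plus the request's Cookie header). The sample lines and the action name hypothetical_grid_action are constructed for the example and are not taken from the plugin; because only the query string is logged, an action sent in a POST body shows up as "-".

```shell
#!/bin/sh
# Added example: find unauthenticated admin-ajax.php requests in an access log.
# Assumed Apache LogFormat (combined plus the Cookie request header):
#   "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Cookie}i\""
# The sample lines below are constructed; "hypothetical_grid_action" is a
# placeholder, not a real plugin action name.

SAMPLE_LOG='203.0.113.7 - - [10/Oct/2023:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=hypothetical_grid_action&post_id=41 HTTP/1.1" 200 5120 "-" "python-requests/2.31.0" "-"
203.0.113.7 - - [10/Oct/2023:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=hypothetical_grid_action&post_id=42 HTTP/1.1" 200 5120 "-" "python-requests/2.31.0" "-"
198.51.100.4 - - [10/Oct/2023:10:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 52 "https://example.test/wp-admin/post.php" "Mozilla/5.0" "wordpress_logged_in_4f1a=editor%7C1697000000%7Cabc; wp-settings-time-2=1696000000"
198.51.100.77 - - [10/Oct/2023:10:00:07 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "curl/8.1.2" "-"
192.0.2.9 - - [10/Oct/2023:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "-"
127.0.0.1 - - [10/Oct/2023:10:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 0 "-" "WordPress/6.3; https://example.test" "-"'

# unauth_ajax_requests: read log lines on stdin and print one line per
# (source IP, action) pair in the form: ip action request_count total_bytes
unauth_ajax_requests() {
    awk '
    {
        # Quote-delimited fields: q[2]=request line, q[3]=" status bytes ",
        # q[4]=referer, q[6]=user agent, q[8]=cookie header.
        split($0, q, "\"")
        split(q[2], r, " ")                 # r[1]=method, r[2]=path?query
        path = r[2]; sub(/\?.*/, "", path)
        if (path != "/wp-admin/admin-ajax.php") next
        if (q[8] ~ /(^|; )wordpress_logged_in_/) next   # logged-in browser
        if (q[6] ~ /^WordPress\//) next                 # WP-Cron / loopback
        action = "-"
        if (match(r[2], /[?&]action=[^&]*/)) {
            action = substr(r[2], RSTART + 1, RLENGTH - 1)
            sub(/^action=/, "", action)
        }
        split(q[3], s, " ")                 # s[1]=status, s[2]=bytes
        key = $1 " " action
        count[key]++
        bytes[key] += (s[2] == "-") ? 0 : s[2]
    }
    END { for (k in count) print k, count[k], bytes[k] }
    ' | sort
}

# Stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_LOG" | unauth_ajax_requests
```

On a real server replace the sample with `unauth_ajax_requests < /var/log/apache2/access.log`; a single IP repeating one action with a large byte total is the pattern to triage first. A client can forge a wordpress_logged_in_* cookie name, so this filter reduces noise for hunting but must not be used as an access control.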