{"uuid": "0b6cbd56-93c9-44ad-811d-0b5ff1cf1c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4700", "type": "seen", "source": "https://t.me/arpsyndicate/1691", "content": "#ExploitObserverAlert\n\nCVE-2022-4700\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-4700. The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.\n\nFIRST-EPSS: 0.000680000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-11T02:48:51.000000Z"}