CVE-2022-4701: 
WordPress vulnerability analysis and mitigation

The Royal Elementor Addons plugin for WordPress (versions up to and including 1.3.59) contains an insufficient access control vulnerability in the 'wpractivaterequired_plugins' AJAX action, identified as CVE-2022-4701. The vulnerability was disclosed on January 10, 2023, affecting WordPress installations with the Royal Elementor Addons plugin (NVD, Wordfence).

The vulnerability stems from insufficient access control mechanisms in the AJAX action 'wpractivaterequired_plugins'. The issue has been assigned a CVSS v3.1 score of 8.8 (High), indicating its significant severity level. The vulnerability allows authenticated users, even those with minimal subscriber-level permissions, to activate specific plugins including 'contact-form-7', 'media-library-assistant', and 'woocommerce' if they are installed on the site (NVD).

When exploited, this vulnerability allows any authenticated user, regardless of their permission level, to activate certain plugins on the WordPress installation. This can lead to unauthorized plugin activation of 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins, potentially affecting the site's security and functionality (NVD).

Website administrators should update the Royal Elementor Addons plugin to a version newer than 1.3.59 to address this vulnerability. The issue has been patched in subsequent releases (Wordfence).