CVE-2022-4705: 
WordPress vulnerability analysis and mitigation

The Royal Elementor Addons plugin for WordPress (versions up to 1.3.59) was found to contain an insufficient access control vulnerability, identified as CVE-2022-4705. The vulnerability was discovered and publicly disclosed on January 10, 2023. This security flaw affects the 'wprfinalsettings_setup' AJAX action functionality within the plugin (Wordfence Blog).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The security issue allows any authenticated user, including those with minimal subscriber-level permissions, to finalize the activation of preset site configuration templates (NVD Database).

When exploited, this vulnerability allows authenticated users with low-level permissions to activate preset site configuration templates, potentially leading to unauthorized changes in site configuration. This capability should typically be restricted to administrators only (Wordfence Blog).

Users are advised to update their Royal Elementor Addons plugin to a version newer than 1.3.59, which contains the security patch for this vulnerability (Wordfence Blog).