CVE-2023-5922: 
WordPress vulnerability analysis and mitigation

The Royal Elementor Addons and Templates WordPress plugin before version 1.3.81 contains a security vulnerability identified as CVE-2023-5922. The vulnerability was discovered by Krzysztof Zając from CERT PL and publicly disclosed on December 6, 2023. This security flaw affects the plugin's AJAX action and REST endpoint functionality, which fails to properly validate user access rights when accessing posts (WPScan Advisory).

The vulnerability is classified as an Insecure Direct Object Reference (IDOR) issue and falls under the OWASP Top 10 category A5: Broken Access Control. It has been assigned CWE-639 and received a CVSS base score of 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating a significant security risk (NVD Database).

The vulnerability allows unauthenticated users to access arbitrary draft posts, private content, and password-protected posts/pages content through the plugin's AJAX action. This represents a significant breach of content access controls and could expose sensitive or unpublished information (WPScan Advisory).

The vulnerability has been patched in version 1.3.81 of the Royal Elementor Addons and Templates plugin. Website administrators are strongly advised to update to this version or later to protect against unauthorized access to protected content (WPScan Advisory).