cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for royal-elementor-addons

Apr 16, 2025

Royal Elementor Addons and Templates # CVE-2025-26990

CVE, Research URL

CVE-2025-26990

Date
Apr 15, 2025
Research Description
Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons allows Server Side Request Forgery. This issue affects Royal Elementor Addons: from n/a through 1.7.1006.
Affected versions
Min -, max -.
Status
vulnerable

Apr 13, 2025

Royal Elementor Addons and Templates # CVE-2025-1456

CVE, Research URL

CVE-2025-1456

Date
Apr 12, 2025
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2025-1455

CVE, Research URL

CVE-2025-1455

Date
Apr 12, 2025
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Feb 21, 2025

Royal Elementor Addons and Templates # CVE-2025-1441

CVE, Research URL

CVE-2025-1441

Date
Feb 19, 2025
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Jan 14, 2025

Royal Elementor Addons and Templates # CVE-2025-0393

CVE, Research URL

CVE-2025-0393

Date
Jan 14, 2025
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Jan 02, 2025

Royal Elementor Addons and Templates # CVE-2024-56227

CVE, Research URL

CVE-2024-56227

Date
Dec 31, 2024
Research Description
Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a through 1.7.1001.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-56226

CVE, Research URL

CVE-2024-56226

Date
Dec 31, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS. This issue affects Royal Elementor Addons: from n/a through 1.7.1001.
Affected versions
Min -, max -.
Status
vulnerable

Dec 21, 2024

Royal Elementor Addons and Templates # CVE-2024-56062

CVE, Research URL

CVE-2024-56062

Date
Jan 01, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.987.
Affected versions
Min -, max -.
Status
vulnerable

Nov 28, 2024

Royal Elementor Addons and Templates # CVE-2024-10798

CVE, Research URL

CVE-2024-10798

Date
Nov 28, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.
Affected versions
Min -, max -.
Status
vulnerable

Nov 14, 2024

Royal Elementor Addons and Templates # CVE-2024-9668

CVE, Research URL

CVE-2024-9668

Date
Nov 13, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-9682

CVE, Research URL

CVE-2024-9682

Date
Nov 13, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-9059

CVE, Research URL

CVE-2024-9059

Date
Nov 13, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Oct 27, 2024

Royal Elementor Addons and Templates # CVE-2024-50442

CVE, Research URL

CVE-2024-50442

Date
Oct 28, 2024
Research Description
Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection. This issue affects Royal Elementor Addons: from n/a through 1.3.980.
Affected versions
Min -, max -.
Status
vulnerable

Oct 17, 2024

Royal Elementor Addons and Templates # CVE-2024-7417

CVE, Research URL

CVE-2024-7417

Date
Oct 17, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.
Affected versions
Min -, max -.
Status
vulnerable

Oct 08, 2024

Royal Elementor Addons and Templates # CVE-2024-8482

CVE, Research URL

CVE-2024-8482

Date
-
Research Description
Royal Elementor Addons and Templates [royal-elementor-addons] < 1.3.987 CVE-2024-8482
Affected versions
Min -, max -.
Status
vulnerable

Sep 02, 2024

Royal Elementor Addons and Templates # CVE-2024-44001

CVE, Research URL

CVE-2024-44001

Date
Sep 18, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.982.
Affected versions
Min -, max -.
Status
vulnerable

Aug 04, 2024

Royal Elementor Addons and Templates # CVE-2024-5818

CVE, Research URL

CVE-2024-5818

Date
Jul 24, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Jun 08, 2024

Royal Elementor Addons and Templates # CVE-2024-4489

CVE, Research URL

CVE-2024-4489

Date
Jun 07, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-4488

CVE, Research URL

CVE-2024-4488

Date
Jun 07, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Jun 07, 2024

Royal Elementor Addons and Templates # 70e3861f811c847c408946a4394074851b3e632a

Date
Dec 06, 2022
Research Description
Royal Elementor Addons and Templates [royal-elementor-addons] < 1.3.33. Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery. The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.55. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This may lead to template creation and deletion.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4702

CVE, Research URL

CVE-2022-4702

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4102

CVE, Research URL

CVE-2022-4102

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4710

CVE, Research URL

CVE-2022-4710

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This occurs because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4709

CVE, Research URL

CVE-2022-4709

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4707

CVE, Research URL

CVE-2022-4707

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates, granted they can trick an administrator into performing an action, such as clicking a link.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4705

CVE, Research URL

CVE-2022-4705

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4703

CVE, Research URL

CVE-2022-4703

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4700

CVE, Research URL

CVE-2022-4700

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed, doing so can also impact site availability as the site attempts to load a nonexistent theme.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4103

CVE, Research URL

CVE-2022-4103

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated user, such as a subscriber, to create a post (as well as any post type) with an arbitrary title.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4704

CVE, Research URL

CVE-2022-4704

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4701

CVE, Research URL

CVE-2022-4701

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4711

CVE, Research URL

CVE-2022-4711

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2023-3709

CVE, Research URL

CVE-2023-3709

Date
Jul 18, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-4708

CVE, Research URL

CVE-2022-4708

Date
Jan 10, 2023
Research Description
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-0511

CVE, Research URL

CVE-2024-0511

Date
Feb 08, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-0513

CVE, Research URL

CVE-2024-0513

Date
Feb 29, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for unauthenticated attackers to remove items from user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-1567

CVE, Research URL

CVE-2024-1567

Date
May 02, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-0514

CVE, Research URL

CVE-2024-0514

Date
Feb 29, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-0515

CVE, Research URL

CVE-2024-0515

Date
Feb 29, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for unauthenticated attackers to remove items from user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-1500

CVE, Research URL

CVE-2024-1500

Date
Mar 07, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2023-5360

CVE, Research URL

CVE-2023-5360

Date
Oct 31, 2023
Research Description
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2023-5922

CVE, Research URL

CVE-2023-5922

Date
Jan 16, 2024
Research Description
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access the content of arbitrary draft, private and password-protected posts/pages.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-0442

CVE, Research URL

CVE-2024-0442

Date
Feb 29, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-0512

CVE, Research URL

CVE-2024-0512

Date
Feb 29, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for unauthenticated attackers to add items to user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-0516

CVE, Research URL

CVE-2024-0516

Date
Feb 29, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-31236

CVE, Research URL

CVE-2024-31236

Date
Apr 07, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.93.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-3889

CVE, Research URL

CVE-2024-3889

Date
Apr 23, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes like 'accordion_title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2022-47175

CVE, Research URL

CVE-2022-47175

Date
Oct 06, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-4087

CVE, Research URL

CVE-2024-4087

Date
Jun 01, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-3675

CVE, Research URL

CVE-2024-3675

Date
May 02, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-3887

CVE, Research URL

CVE-2024-3887

Date
May 16, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-2798

CVE, Research URL

CVE-2024-2798

Date
Apr 23, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-32786

CVE, Research URL

CVE-2024-32786

Date
May 17, 2024
Research Description
Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass. This issue affects Royal Elementor Addons: from n/a through 1.3.93.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-4342

CVE, Research URL

CVE-2024-4342

Date
Jun 01, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Royal Elementor Addons and Templates # CVE-2024-2799

CVE, Research URL

CVE-2024-2799

Date
Apr 23, 2024
Research Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable