cleantalk
Vulnerabilities and Security Researches

Royal Elementor Addons and Templates, CVE-2025-5092

CVE, Research URL

CVE-2025-5092

Home page URL

Security reports for Royal Elementor Addons and Templates

Application

Royal Elementor Addons and Templates

Published on
Nov 20, 2025
Research Description
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (<= 2.8.3) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.7.1032.
Status
vulnerable
Previous vulnerability researches
Authors Autocomplete Meta Box (CVE-2025-25169) , Feb 17, 2025
New vulnerability
ManageWP Worker (CVE-2026-39463) , Apr 23, 2026
Quiz Maker (CVE-2025-58014) , Apr 23, 2026
HTTP Headers (CVE-2026-2717) , Apr 23, 2026
HTTP Headers (CVE-2026-1379) , Apr 23, 2026
HTTP Headers (CVE-2026-4132) , Apr 23, 2026