cleantalk
Vulnerabilities and Security Researches

Royal Elementor Addons and Templates, CVE-2025-11363

CVE, Research URL

CVE-2025-11363

Home page URL

Security reports for Royal Elementor Addons and Templates

Application

Royal Elementor Addons and Templates

Published on
Dec 15, 2025
Research Description
The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr_addons_upload_file action.
Affected versions
max 1.7.1037.
Status
vulnerable
Previous vulnerability researches
Royal Elementor Addons and Templates (CVE-2025-11363) , Jan 27, 2026
Royal Elementor Addons and Templates (70e3861f811c847c408946a4394074851b3e632a) , Jun 07, 2024
Royal Elementor Addons and Templates (CVE-2022-4702) , Jun 07, 2024
Royal Elementor Addons and Templates (CVE-2022-4102) , Jun 07, 2024
Royal Elementor Addons and Templates (CVE-2022-4710) , Jun 07, 2024
New vulnerability
YayMail – WooCommerce Email Customizer (CVE-2026-27327) , Mar 29, 2026
Strong Testimonials (CVE-2026-24957) , Mar 29, 2026
BackWPup – WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026
Breeze – WordPress Cache Plugin (CVE-2025-13864) , Mar 29, 2026