cleantalk
Vulnerabilities and Security Researches

Royal Elementor Addons and Templates, CVE-2026-2373

CVE, Research URL

CVE-2026-2373

Home page URL

Security reports for Royal Elementor Addons and Templates

Application

Royal Elementor Addons and Templates

Published on
Mar 17, 2026
Research Description
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract contents of non-public custom post types, such as Contact Form 7 submissions or WooCommerce coupons.
Affected versions
max 1.7.1050.
Status
vulnerable
Previous vulnerability researches
Royal Elementor Addons and Templates (CVE-2025-11363) , Jan 27, 2026
Royal Elementor Addons and Templates (CVE-2026-2373) , Apr 13, 2026
Royal Elementor Addons and Templates (CVE-2026-0664) , Apr 13, 2026
Royal Elementor Addons and Templates (70e3861f811c847c408946a4394074851b3e632a) , Jun 07, 2024
Royal Elementor Addons and Templates (CVE-2022-4702) , Jun 07, 2024
New vulnerability
Image Source Control Lite – Show Image Credits and Captions (CVE-2026-4852) , Apr 22, 2026
MailerLite – WooCommerce integration (CVE-2026-1000) , Apr 22, 2026
Embed Calendly (CVE-2026-0868) , Apr 22, 2026
Product Filter by WBW (CVE-2026-39494) , Apr 22, 2026
Product Filter by WBW (CVE-2026-3830) , Apr 22, 2026