cleantalk
Vulnerabilities and Security Researches

Royal Elementor Addons and Templates, CVE-2026-8118

CVE, Research URL

CVE-2026-8118

Home page URL

Security reports for Royal Elementor Addons and Templates

Application

Royal Elementor Addons and Templates

Published on
Jun 19, 2026
Research Description
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wpr_get_csv_handle() helper (introduced in version 1.7.1058 as part of the patch for CVE-2026-6229) falling back to is_readable() and fopen($source, 'r') on the attacker-controlled settings.table_upload_csv.url value when it does not parse as an HTTP URL, with no allow-list, traversal block, or extension check. This makes it possible for authenticated attackers, with Contributor-level access and above, to save a crafted wpr-data-table widget through Elementor's save_builder endpoint and have the rendered preview return the line-by-line contents of any file readable by the PHP process, including wp-config.php.
Affected versions
max 1.7.1060.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
New vulnerability
Media Library Assistant (CVE-2026-56012) , Jun 20, 2026
MStore API (CVE-2026-54817) , Jun 20, 2026
Bricksable for Bricks Builder (CVE-2026-56009) , Jun 20, 2026
Offload, AI & Optimize with Cloudflare Images (CVE-2026-9860) , Jun 20, 2026
Royal Elementor Addons and Templates (CVE-2026-8118) , Jun 20, 2026