18 matches found

RedhatCVE
added 2026/04/05 10:55 a.m. | 2 views

CVE-2026-0664

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter in all versions up to, and including, 1.7.1049 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00012
Exploits: 0 | References: 1

NVD
added 2026/04/04 8:16 a.m. | 3 views

CVE-2026-0664

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter in all versions up to, and including, 1.7.1049 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4 | EPSS: 0.00012
Exploits: 0 | References: 2

CVE
added 2026/04/04 7:41 a.m. | 8 views

CVE-2026-0664

The Royal Addons for Elementor plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) flaw via the button_text parameter in versions up to 1.7.1049, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor+ privileges can inject scri...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00012
Exploits: 0 | References: 2

CNNVD
added 2026/04/04 12:0 a.m. | 4 views

WordPress plugin Royal Addons for Elementor cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.00012
Exploits: 0 | References: 2

Patchstack
added 2026/04/03 11:10 p.m. | 4 views

WordPress Royal Elementor Addons plugin <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via REST API Meta Bypass vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Royal Elementor Addons versions <= 1.7.1049...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00012
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/03/26 3:8 p.m. | 1 view

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args function due to insufficient restrictions on which posts can be included. This makes it possib...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:4 p.m. | 3 views

CVE-2025-13067

The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possib...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00148
Exploits: 0 | References: 1

Patchstack
added 2026/03/18 2:23 a.m. | 3 views

WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability

WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Royal Elementor Addons versions <= 1.7.1049...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/03/17 3:36 a.m. | 6 views

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor (WordPress) is affected up to version 1.7.1049. The vulnerability arises in get_main_query_args(), due to insufficient restrictions on which posts can be included, allowing unauthenticated attackers to exfiltrate contents of ...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 2

Cvelist
added 2026/03/17 3:36 a.m. | 31 views

CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args function due to insufficient restrictions on which posts can be included. This makes it possib...

CVSS: 5.3 | EPSS: 0.00044
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/17 3:36 a.m. | 1 view

CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args function due to insufficient restrictions on which posts can be included. This makes it possib...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 2

EUVD
added 2026/03/11 4:25 a.m. | 2 views

EUVD-2025-208561

The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possib...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00148
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/11 4:25 a.m. | 2 views

CVE-2025-13067 Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass

The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possib...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00148
Exploits: 0 | References: 2

EUVD
added 2026/03/05 6:30 a.m. | 1 view

EUVD-2026-9785

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Royal Elementor Addons: from n/a through <= 1.7.1049...

AI score: 5.9 | EPSS: 0.0006
Exploits: 0 | References: 2

Cvelist
added 2026/03/05 5:54 a.m. | 34 views

CVE-2026-28135 WordPress Royal Elementor Addons plugin <= 1.7.1052 - Other vulnerability Type vulnerability

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Royal Elementor Addons: from n/a through <= 1.7.1052...

CVSS: 8.2 | EPSS: 0.0006
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/05 5:54 a.m. | 4 views

CVE-2026-28135

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Royal Elementor Addons: from n/a through <= 1.7.1049...

AI score: 5.9 | EPSS: 0.0006
Exploits: 0 | References: 2

CVE
added 2026/03/05 5:54 a.m. | 9 views

CVE-2026-28135

The CVE refers to WP Royal Elementor Addons (royal-elementor-addons) with versions up to 1.7.1052/1051 affected. Reported as an inclusion of functionality from an untrusted control sphere, which enables Accessing Functionality Not Properly Constrained by ACLs. Public sources (NVD, Red Hat, CVE li...

CVSS: 8.2 | AI score: 5.9 | EPSS: 0.0006
Exploits: 0 | References: 1

Patchstack
added 2026/02/26 10:0 a.m. | 5 views

WordPress Royal Elementor Addons plugin <= 1.7.1051 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by mcdruid in WordPress Plugin Royal Elementor Addons versions <= 1.7.1051...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.0006
Exploits: 0 | Affected Software: 1