CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to 1.7.1057. The root cause is insufficient validation of user-supplied URLs in render_csv_data(), which can be bypassed by including docs.google.com/spreadsheets in a query paramete...