Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-4803

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

7.2CVSS5.7AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 6:31 a.m.40 views

EUVD-2026-27185

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

7.2CVSS6AI score0.00359EPSS
Exploits0References7
NVD
NVD
added 2026/05/02 9:16 a.m.8 views

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS0.00501EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.5 views

PT-2024-15632 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87 Description: The issue is related to a missing capability check on the wpr update form action meta function, allowing unauthorized post metada...

5.3CVSS9.2AI score0.00225EPSS
Exploits0References5
Rows per page
Query Builder