Lucene search
+L

923 matches found

NVD
NVD
added yesterday6 views

CVE-2026-13402

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

5.3CVSS0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-13402

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

5.3AI score0.00146EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-13402

CVE-2026-13402 affects the Royal Addons for Elementor WordPress plugin (before 1.7.1063). The vulnerability stems from the REST endpoints not checking the post status of menu items or the templates they reference, which allows unauthenticated users to retrieve rendered HTML content of private or ...

5.3CVSS6.1AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45149

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

5.3CVSS5.3AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-13402 Royal Elementor Addons < 1.7.1063 - Unauthenticated Private Mega Menu Template Disclosure

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

0.00146EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago636 views

WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload

Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version...

9.8CVSS6.9AI score0.81695EPSS
Exploits18References5
NVD
NVD
added 2026/07/01 7:16 a.m.12 views

CVE-2026-10750

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...

8.1CVSS0.00267EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.26 views

CVE-2026-10750

CVE-2026-10750 concerns the Royal MCP WordPress plugin prior to 1.4.26. The issue arises because the plugin does not perform capability checks on most MCP tools after token authentication, enabling authenticated, low-privilege users (e.g., Subscriber) to read private content, enumerate users and ...

8.1CVSS5.8AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.46 views

CVE-2026-10750 Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...

0.00267EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:16 p.m.23 views

CVE-2026-54842

The CVE describes a Missing Authorization vulnerability in the WordPress Royal MCP plugin (Royal MCP) affecting versions up to 1.4.25. The issue is categorized as Broken Access Control with a CVSS v3.1 base score of 8.1 (HIGH), with network attack vector, low attack complexity, and privileges req...

8.1CVSS5.8AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:16 p.m.7 views

EUVD-2026-39387

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

8.1CVSS5.8AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:16 p.m.57 views

CVE-2026-54842 WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

8.1CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-8118

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

6.5CVSS0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 4:31 a.m.16 views

EUVD-2026-37986

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.38 views

CVE-2026-8118 Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

6.5CVSS0.0024EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 4:31 a.m.18 views

CVE-2026-8118

The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...

6.5CVSS5.6AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50845

Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...

6.5CVSS6AI score0.0024EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/18 4:21 p.m.8 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin 1.7.1058-1.7.1059 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Jack Taylor in WordPress Plugin Royal Elementor Addons versions 1.7.1058-1.7.1059...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/18 1:20 p.m.7 views

WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dhamdham in WordPress Plugin Royal MCP versions = 1.4.25...

8.1CVSS5.8AI score0.00195EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2026-40720

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Rows per page
Query Builder