Lucene search
+L

78 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-13402

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

5.3CVSS0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-13402 Royal Elementor Addons < 1.7.1063 - Unauthenticated Private Mega Menu Template Disclosure

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

0.00206EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-13402

CVE-2026-13402 affects the Royal Addons for Elementor WordPress plugin (before 1.7.1063). The vulnerability stems from the REST endpoints not checking the post status of menu items or the templates they reference, which allows unauthenticated users to retrieve rendered HTML content of private or ...

5.3CVSS6.1AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45149

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

5.3CVSS5.3AI score0.00206EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-13402

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

5.3AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-8118

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

6.5CVSS0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 4:31 a.m.16 views

EUVD-2026-37986

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.38 views

CVE-2026-8118 Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

6.5CVSS0.0024EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 4:31 a.m.18 views

CVE-2026-8118

The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...

6.5CVSS5.6AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50845

Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...

6.5CVSS6AI score0.0024EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/18 4:21 p.m.8 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin 1.7.1058-1.7.1059 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Jack Taylor in WordPress Plugin Royal Elementor Addons versions 1.7.1058-1.7.1059...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.14 views

CVE-2026-5162

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 8:24 a.m.18 views

CVE-2026-6504

The CVE concerns the WordPress plugin Royal Elementor Addons (Addons and Templates Kit for Elementor). A Stored Cross-Site Scripting (XSS) vulnerability affects all versions up to 1.7.1058 due to insufficient input sanitization and output escaping in the title_tag parameter. Authentication with C...

6.4CVSS6AI score0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 8:24 a.m.15 views

CVE-2026-6504 Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS6AI score0.00255EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 6:31 a.m.10 views

EUVD-2026-27189

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00283EPSS
Exploits0References9
NVD
NVD
added 2026/05/05 4:16 a.m.12 views

CVE-2026-5159

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00283EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/05 3:37 a.m.42 views

CVE-2026-5159 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00283EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:37 a.m.4 views

CVE-2026-5159

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00283EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/05 3:37 a.m.6 views

CVE-2026-5159 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00283EPSS
Exploits0References8
CVE
CVE
added 2026/05/05 3:37 a.m.22 views

CVE-2026-5159

The CVE-2026-5159 entry documents a Stored Cross-Site Scripting flaw in the Royal Addons for Elementor plugin (WordPress). Affected component: the Instagram Feed widget, specifically the instagram_follow_text setting. Root cause: insufficient input sanitization and output escaping in all versions...

6.4CVSS6AI score0.00283EPSS
Exploits0References8
Rows per page
Query Builder