Royal Elementor Addons Security Vulnerabilities and Issues — Royal Elementor Addons CVE List

Lucene search

Royal-elementor-addonsRoyal Elementor Addons

9 matches found

CVE•added 2025/02/19 5:15 a.m.•74 views

CVE-2025-1441

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. This makes it possible for unauthenticated attack...

8.8CVSS5.9AI score0.00023EPSS

CVE•added 2025/04/12 9:15 a.m.•67 views

CVE-2025-1456

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widgetGrid, widgetCountDown, and widgetInstagramFeed methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it po...

6.4CVSS5.8AI score0.00039EPSS

CVE•added 2025/04/12 9:15 a.m.•65 views

CVE-2025-1455

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Cont...

6.4CVSS5.8AI score0.00039EPSS

CVE•added 2025/05/07 8:15 a.m.•64 views

CVE-2024-12120

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This makes it possible for au...

5.4CVSS5.1AI score0.00039EPSS

CVE•added 2025/01/14 9:15 a.m.•63 views

CVE-2025-0393

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attacker...

6.1CVSS6AI score0.00026EPSS

CVE•added 2025/05/07 9:15 a.m.•52 views

CVE-2025-39361

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1017.

6.5CVSS6.4AI score0.00039EPSS

CVE•added 2025/04/15 12:15 p.m.•42 views

CVE-2025-26990

Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons allows Server Side Request Forgery. This issue affects Royal Elementor Addons: from n/a through 1.7.1006.

4.9CVSS7.2AI score0.00037EPSS

CVE•added 2025/05/31 8:15 a.m.•37 views

CVE-2025-3813

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

6.4CVSS5.8AI score0.00037EPSS

CVE•added 2025/06/26 10:15 a.m.•8 views

CVE-2025-5338

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5.8AI score0.00032EPSS