CVE-2026-40763
Description
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1056.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Royal Elementor Addons plugin <=1.7.1056 has a missing authorization vulnerability allowing unprivileged attackers to execute higher privileged actions.
The vulnerability is a missing authorization check in the WordPress plugin Royal Elementor Addons versions up to and including 1.7.1056. The absence of proper access control allows exploitation of incorrectly configured security levels.
Attackers can exploit this without authentication, as the issue is a broken access control vulnerability. The vulnerability can be used in mass-exploit campaigns targeting thousands of websites regardless of size or popularity.
Successful exploitation enables an unprivileged user to execute higher privileged actions, potentially leading to unauthorized access and control over the affected site.
The vendor recommends updating to version 1.7.1057 or later. Patchstack users can enable auto-updates to automatically apply the fix [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)Wordfence Blog · Apr 9, 2026