VYPR

Royal Elementor Addons

by WordPress

Source repositories

CVEs (55)

  • CVE-2024-4087MedJun 1, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2022-4704MedJan 10, 2023
    risk 0.35cvss 5.4epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import…

  • CVE-2022-4702MedJan 10, 2023
    risk 0.35cvss 5.4epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to…

  • CVE-2022-4700MedJan 10, 2023
    risk 0.35cvss 5.4epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to…

  • CVE-2026-4024MedMay 2, 2026
    risk 0.34cvss 5.3epss 0.01

    The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both `wp_ajax`…

  • CVE-2025-11363MedDec 15, 2025
    risk 0.34cvss 5.3epss 0.00

    The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr_addons_upload_file action.

  • CVE-2024-0516MedFeb 29, 2024
    risk 0.34cvss 5.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated…

  • CVE-2023-3709MedJul 18, 2023
    risk 0.34cvss 5.3epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for…

  • CVE-2024-0513MedFeb 29, 2024
    risk 0.28cvss 4.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for…

  • CVE-2022-4711MedJan 10, 2023
    risk 0.28cvss 4.3epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to…

  • CVE-2022-4709MedJan 10, 2023
    risk 0.28cvss 4.3epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to…

  • CVE-2022-4708MedJan 10, 2023
    risk 0.28cvss 4.3epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to…

  • CVE-2022-4707MedJan 10, 2023
    risk 0.28cvss 4.3epss 0.00

    The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create…

  • CVE-2022-4705MedJan 10, 2023
    risk 0.28cvss 4.3epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize…

  • CVE-2022-4703MedJan 10, 2023
    risk 0.28cvss 4.3epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset…

  • CVE-2022-4701MedJan 10, 2023
    risk 0.28cvss 4.3epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to…

  • CVE-2026-25436MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

  • CVE-2026-2373MedMar 17, 2026
    risk 0.27cvss 5.3epss 0.00

    The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args() function due to insufficient restrictions on which posts can be…

  • CVE-2023-5360Oct 31, 2023
    risk 0.10cvss epss 0.82

    The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

  • CVE-2026-8118Jun 19, 2026
    risk 0.00cvss epss 0.00

    The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wpr_get_csv_handle() helper (introduced in version 1.7.1058 as part of the patch for…