VYPR

Royal Elementor Addons

by Royal Elementor Addons

Source repositories

CVEs (67)

  • CVE-2025-39361MedMay 7, 2025
    risk 0.35cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1017.

  • CVE-2024-50442MedOct 28, 2024
    risk 0.35cvss 6.5epss 0.01

    Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through <= 1.3.980.

  • CVE-2024-44001MedSep 18, 2024
    risk 0.35cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons.This issue affects Royal Elementor Addons: from n/a through <= 1.3.982.

  • CVE-2024-4489MedJun 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-4488MedJun 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-4342MedJun 1, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input…

  • CVE-2024-4087MedJun 1, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-3887MedMay 16, 2024
    risk 0.35cvss 5.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2024-3675MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.01

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and…

  • CVE-2024-3889MedApr 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-2799MedApr 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-2798MedApr 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-1500MedMar 7, 2024
    risk 0.35cvss 5.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible…

  • CVE-2024-0442MedFeb 29, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2022-4704MedJan 10, 2023
    risk 0.35cvss 5.4epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import…

  • CVE-2022-4702MedJan 10, 2023
    risk 0.35cvss 5.4epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to…

  • CVE-2022-4700MedJan 10, 2023
    risk 0.35cvss 5.4epss 0.01

    The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to…

  • CVE-2026-4024MedMay 2, 2026
    risk 0.34cvss 5.3epss 0.01

    The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both `wp_ajax`…

  • CVE-2025-11363MedDec 15, 2025
    risk 0.34cvss 5.3epss 0.00

    The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr_addons_upload_file action.

  • CVE-2024-0516MedFeb 29, 2024
    risk 0.34cvss 5.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated…