VYPR

Royal Elementor Addons and Templates

by WordPress

Source repositories

CVEs (35)

  • CVE-2023-5360CriOct 31, 2023
    risk 0.73cvss 9.8epss 0.82

    The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

  • CVE-2023-5922HigJan 16, 2024
    risk 0.49cvss 7.5epss 0.01

    The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private…

  • CVE-2024-1567HigMay 2, 2024
    risk 0.46cvss 8.2epss 0.01

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload…

  • CVE-2025-3813MedMay 31, 2025
    risk 0.42cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2025-1455MedApr 12, 2025
    risk 0.42cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-9682MedNov 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-9668MedNov 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-9059MedNov 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-8482MedOct 8, 2024
    risk 0.42cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-5818MedJul 24, 2024
    risk 0.42cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user…

  • CVE-2025-1441MedFeb 19, 2025
    risk 0.40cvss 6.1epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. This makes it possible for…

  • CVE-2025-6251MedNov 19, 2025
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2025-1456MedApr 12, 2025
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output…

  • CVE-2024-4489MedJun 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-4488MedJun 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-4342MedJun 1, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input…

  • CVE-2024-4087MedJun 1, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-3887MedMay 16, 2024
    risk 0.35cvss 5.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2024-3675MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.01

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and…

  • CVE-2024-3889MedApr 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied…

Page 1 of 2