VYPR

Royal Elementor Addons and Templates

by WordPress

Source repositories

CVEs (35)

  • CVE-2024-2799MedApr 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-2798MedApr 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-1500MedMar 7, 2024
    risk 0.35cvss 5.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible…

  • CVE-2024-0442MedFeb 29, 2024
    risk 0.35cvss 6.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-0516MedFeb 29, 2024
    risk 0.34cvss 5.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated…

  • CVE-2025-0393MedJan 14, 2025
    risk 0.33cvss 6.1epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for…

  • CVE-2024-12120MedMay 7, 2025
    risk 0.28cvss 5.4epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-0515MedFeb 29, 2024
    risk 0.28cvss 4.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for…

  • CVE-2024-0514MedFeb 29, 2024
    risk 0.28cvss 4.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated…

  • CVE-2024-0513MedFeb 29, 2024
    risk 0.28cvss 4.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for…

  • CVE-2024-0512MedFeb 29, 2024
    risk 0.28cvss 4.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for…

  • CVE-2024-0511MedFeb 8, 2024
    risk 0.28cvss 4.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for…

  • CVE-2022-47175MedOct 6, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.

  • CVE-2024-10798MedNov 28, 2024
    risk 0.21cvss 4.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for…

  • CVE-2024-7417MedOct 17, 2024
    risk 0.21cvss 4.3epss 0.00

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from…

Page 2 of 2