CVE-2026-40763
published 2026-04-15CVE-2026-40763: Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security…
PriorityP428medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.18%
7.6th percentile
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1056.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp_royal | royal_elementor_addons | <= 1.7.1056 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2vc4-7wrh-m68v: Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control
ghsa_unreviewed·2026-04-16
CVE-2026-40763 [MEDIUM] CWE-862 GHSA-2vc4-7wrh-m68v: Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1056.
VulDB
WP Royal Royal Elementor Addons Plugin up to 1.7.1056 on WordPress authorization (EUVD-2026-22902)
vuldb·2026-04-15
CVE-2026-40763 [CRITICAL] WP Royal Royal Elementor Addons Plugin up to 1.7.1056 on WordPress authorization (EUVD-2026-22902)
A vulnerability identified as critical has been detected in WP Royal Royal Elementor Addons Plugin up to 1.7.1056 on WordPress. Affected by this vulnerability is an unknown functionality. This manipulation causes missing authorization.
The identification of this vulnerability is CVE-2026-40763. It is possible to initiate the attack remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-15
Published