Royal-Elementor-Addons Royal Elementor Addons vulnerabilities
58 known vulnerabilities affecting royal-elementor-addons/royal_elementor_addons.
Total CVEs
58
CISA KEV
0
Public exploits
1
Exploited in wild
9
Severity breakdown
CRITICAL3HIGH8MEDIUM46LOW1
Vulnerabilities
Page 2 of 3
CVE-2022-4707P4MEDIUMCVSS 6.5≤ 1.3.592023-01-10
CVE-2022-4707 [MEDIUM] CWE-352 CVE-2022-4707: The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates, granted they can trick an administrator into performing
nvd
CVE-2024-2798P4MEDIUMCVSS 6.4fixed in 1.3.9722024-04-23
CVE-2024-2798 [MEDIUM] CWE-79 CVE-2024-2798: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acc
nvd
CVE-2024-3889P4MEDIUMCVSS 6.4fixed in 1.3.9722024-04-23
CVE-2024-3889 [MEDIUM] CWE-79 CVE-2024-3889: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes like 'accordion_title_tag'. This makes it possible for authenticated at
nvd
CVE-2023-3709P4MEDIUMCVSS 5.3≤ 1.3.702023-07-18
CVE-2023-3709 [MEDIUM] CWE-200 CVE-2023-3709: The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting an
nvd
CVE-2024-0516P4MEDIUMCVSS 5.3fixed in 1.3.882024-02-29
CVE-2024-0516 [MEDIUM] CWE-352 CVE-2024-0516: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post met
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.
nvd
CVE-2024-1500P4MEDIUMCVSS 5.4fixed in 1.3.922024-03-07
CVE-2024-1500 [MEDIUM] CWE-79 CVE-2024-1500: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to i
nvd
CVE-2024-4342P4MEDIUMCVSS 5.4fixed in 1.3.9762024-06-01
CVE-2024-4342 [MEDIUM] CWE-79 CVE-2024-4342: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping. This makes it possible for authenticated
nvd
CVE-2024-56226P4MEDIUMCVSS 6.1fixed in 1.7.10022024-12-31
CVE-2024-56226 [MEDIUM] CWE-79 CVE-2024-56226: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1001.
nvd
CVE-2025-0393P4MEDIUMCVSS 6.1≤ 1.7.10062025-01-14
CVE-2025-0393 [MEDIUM] CWE-352 CVE-2025-0393: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Fo
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request
nvd
CVE-2024-9682P4MEDIUMCVSS 5.4fixed in 1.7.10022024-11-13
CVE-2024-9682 [MEDIUM] CWE-79 CVE-2024-9682: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level
nvd
CVE-2024-9668P4MEDIUMCVSS 5.4fixed in 1.7.10022024-11-13
CVE-2024-9668 [MEDIUM] CWE-79 CVE-2024-9668: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acc
nvd
CVE-2024-9059P4MEDIUMCVSS 5.4fixed in 1.7.10022024-11-13
CVE-2024-9059 [MEDIUM] CWE-79 CVE-2024-9059: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary
nvd
CVE-2024-31236P4MEDIUMCVSS 5.4fixed in 1.3.942024-04-07
CVE-2024-31236 [MEDIUM] CWE-79 CVE-2024-31236: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.93.
nvd
CVE-2024-4087P4MEDIUMCVSS 5.4fixed in 1.3.9762024-06-01
CVE-2024-4087 [MEDIUM] CWE-79 CVE-2024-4087: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level ac
nvd
CVE-2024-4488P4MEDIUMCVSS 5.4fixed in 1.3.9772024-06-07
CVE-2024-4488 [MEDIUM] CWE-79 CVE-2024-4488: The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting
The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web
nvd
CVE-2024-4489P4MEDIUMCVSS 5.4fixed in 1.3.9772024-06-07
CVE-2024-4489 [MEDIUM] CWE-79 CVE-2024-4489: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to injec
nvd
CVE-2024-3887P4MEDIUMCVSS 5.4fixed in 1.3.9752024-05-16
CVE-2024-3887 [MEDIUM] CWE-79 CVE-2024-3887: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and
nvd
CVE-2024-5818P4MEDIUMCVSS 5.4fixed in 1.3.9812024-07-24
CVE-2024-5818 [MEDIUM] CWE-79 CVE-2024-5818: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cros
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with c
nvd
CVE-2024-56062P4MEDIUMCVSS 5.4≤ 1.3.9872024-12-31
CVE-2024-56062 [MEDIUM] CWE-79 CVE-2024-56062: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.3.987.
nvd
CVE-2025-1455P4MEDIUMCVSS 5.4fixed in 1.7.10132025-04-12
CVE-2025-1455 [MEDIUM] CWE-79 CVE-2025-1455: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web
nvd