Royal Addons For Elementor – Addons And Templates Kit For Elementor
Approved changes feed: RSS · Atom
cpe:2.3:a:wproyal:royal_addons_for_elementor_–_addons_and_templates_kit_for_elementor:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wproyal (793f1007-f055-53cd-81c3-35337836018d) |
|---|---|
| Product | Royal Addons For Elementor – Addons And Templates Kit For Elementor (1fd85f46-eb31-5686-a60b-7861a60626b8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-6504 |
vulnerable | 2026-06-08 08:07:04.847525 |
Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter
MEDIUM (6.4)
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-05-14T08:24:27.810Z
Updated: 2026-05-14T10:42:12.258Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-6229 |
vulnerable | 2026-06-08 08:07:04.572091 |
Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter
HIGH (7.2)
The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the render_csv_data() function, which can be bypassed by including 'docs.google.com/spreadsheets' in a query parameter, and the subsequent use of these URLs in fopen() calls without blocking internal or private network addresses. This makes it possible for authenticated attackers, with Contributor-level access and above, to make requests to arbitrary URLs and retrieve sensitive information from internal services.
Published: 2026-05-02T07:46:41.839Z
Updated: 2026-05-04T13:39:10.866Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5428 |
vulnerable | 2026-06-08 08:07:03.696633 |
Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field
MEDIUM (6.4)
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the render_post_thumbnail() function, where wp_kses_post() is used instead of esc_attr() for the alt attribute context. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses a page with the malicious image displayed in the media grid widget.
Published: 2026-04-24T05:29:38.884Z
Updated: 2026-04-24T18:24:57.867Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5162 |
vulnerable | 2026-06-08 08:07:03.070611 |
Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget
MEDIUM (6.4)
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-04-17T01:24:36.629Z
Updated: 2026-04-17T18:48:24.671Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5159 |
vulnerable | 2026-06-08 08:07:03.061844 |
Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter
MEDIUM (6.4)
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that exploitation requires that an administrator has previously configured the Instagram Feed widget with a valid Instagram access token on the site.
Published: 2026-05-05T03:37:39.544Z
Updated: 2026-05-05T12:36:37.792Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-4803 |
vulnerable | 2026-06-08 08:07:02.398804 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-4024 |
vulnerable | 2026-06-08 08:05:12.509084 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-2373 |
vulnerable | 2026-06-08 07:55:16.973979 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-0664 |
vulnerable | 2026-06-08 07:47:12.870287 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6251 |
vulnerable | 2026-06-08 07:43:14.619462 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5338 |
vulnerable | 2026-06-08 07:35:24.682584 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5092 |
vulnerable | 2026-06-08 07:35:24.141066 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3813 |
vulnerable | 2026-06-08 07:23:09.937661 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1456 |
vulnerable | 2026-06-08 07:08:37.005069 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1455 |
vulnerable | 2026-06-08 07:08:37.004500 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1441 |
vulnerable | 2026-06-08 07:08:36.982583 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13067 |
vulnerable | 2026-06-08 07:04:31.520757 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0393 |
vulnerable | 2026-06-08 07:02:24.490022 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9682 |
vulnerable | 2026-06-08 07:00:28.528901 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9668 |
vulnerable | 2026-06-08 07:00:28.445046 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9059 |
vulnerable | 2026-06-08 07:00:26.575638 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8482 |
vulnerable | 2026-06-08 07:00:24.742979 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7417 |
vulnerable | 2026-06-08 06:58:22.140785 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5818 |
vulnerable | 2026-06-08 06:56:17.498429 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4489 |
vulnerable | 2026-06-08 06:50:17.850916 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4488 |
vulnerable | 2026-06-08 06:50:17.850506 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4342 |
vulnerable | 2026-06-08 06:50:17.549343 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4087 |
vulnerable | 2026-06-08 06:50:17.006656 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3889 |
vulnerable | 2026-06-08 06:43:51.755439 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3887 |
vulnerable | 2026-06-08 06:43:51.754193 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3675 |
vulnerable | 2026-06-08 06:43:51.178762 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2799 |
vulnerable | 2026-06-08 06:35:27.381324 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2798 |
vulnerable | 2026-06-08 06:35:27.377570 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1567 |
vulnerable | 2026-06-08 06:27:13.456206 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1500 |
vulnerable | 2026-06-08 06:25:40.289171 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12120 |
vulnerable | 2026-06-08 06:23:51.298167 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10798 |
vulnerable | 2026-06-08 06:23:47.569382 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0516 |
vulnerable | 2026-06-08 06:22:01.267855 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0515 |
vulnerable | 2026-06-08 06:22:01.267460 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0514 |
vulnerable | 2026-06-08 06:22:01.266845 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0513 |
vulnerable | 2026-06-08 06:22:01.257760 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0512 |
vulnerable | 2026-06-08 06:22:01.257138 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0511 |
vulnerable | 2026-06-08 06:22:01.256761 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0442 |
vulnerable | 2026-06-08 06:22:01.075093 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3709 |
vulnerable | 2026-06-08 06:09:40.283749 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4974 |
vulnerable | 2026-06-08 05:52:02.710371 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4711 |
vulnerable | 2026-06-08 05:52:00.220981 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4710 |
vulnerable | 2026-06-08 05:52:00.220510 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4709 |
vulnerable | 2026-06-08 05:52:00.219895 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4708 |
vulnerable | 2026-06-08 05:52:00.219285 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4707 |
vulnerable | 2026-06-08 05:52:00.217318 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4705 |
vulnerable | 2026-06-08 05:52:00.212477 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4704 |
vulnerable | 2026-06-08 05:52:00.211976 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4703 |
vulnerable | 2026-06-08 05:52:00.211301 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4702 |
vulnerable | 2026-06-08 05:52:00.210901 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4701 |
vulnerable | 2026-06-08 05:52:00.210288 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4700 |
vulnerable | 2026-06-08 05:52:00.209036 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.