
cpe:2.3:a:wproyal:royal_addons_for_elementor_–_addons_and_templates_kit_for_elementor:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Wproyal (793f1007-f055-53cd-81c3-35337836018d)
Product: Royal Addons For Elementor – Addons And Templates Kit For Elementor (1fd85f46-eb31-5686-a60b-7861a60626b8)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-6504 vulnerable 2026-06-08 08:07:04.847525 Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter
MEDIUM (6.4)
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-05-14T08:24:27.810Z
Updated: 2026-05-14T10:42:12.258Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-6229 vulnerable 2026-06-08 08:07:04.572091 Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter
HIGH (7.2)
The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the render_csv_data() function, which can be bypassed by including 'docs.google.com/spreadsheets' in a query parameter, and the subsequent use of these URLs in fopen() calls without blocking internal or private network addresses. This makes it possible for authenticated attackers, with Contributor-level access and above, to make requests to arbitrary URLs and retrieve sensitive information from internal services.
Published: 2026-05-02T07:46:41.839Z
Updated: 2026-05-04T13:39:10.866Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-5428 vulnerable 2026-06-08 08:07:03.696633 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field
MEDIUM (6.4)
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the render_post_thumbnail() function, where wp_kses_post() is used instead of esc_attr() for the alt attribute context. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses a page with the malicious image displayed in the media grid widget.
Published: 2026-04-24T05:29:38.884Z
Updated: 2026-04-24T18:24:57.867Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-5162 vulnerable 2026-06-08 08:07:03.070611 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget
MEDIUM (6.4)
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-04-17T01:24:36.629Z
Updated: 2026-04-17T18:48:24.671Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-5159 vulnerable 2026-06-08 08:07:03.061844 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter
MEDIUM (6.4)
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that exploitation requires that an administrator has previously configured the Instagram Feed widget with a valid Instagram access token on the site.
Published: 2026-05-05T03:37:39.544Z
Updated: 2026-05-05T12:36:37.792Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-4803 vulnerable 2026-06-08 08:07:02.398804 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-4024 vulnerable 2026-06-08 08:05:12.509084 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-2373 vulnerable 2026-06-08 07:55:16.973979 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-0664 vulnerable 2026-06-08 07:47:12.870287 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-6251 vulnerable 2026-06-08 07:43:14.619462 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5338 vulnerable 2026-06-08 07:35:24.682584 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5092 vulnerable 2026-06-08 07:35:24.141066 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-3813 vulnerable 2026-06-08 07:23:09.937661 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1456 vulnerable 2026-06-08 07:08:37.005069 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1455 vulnerable 2026-06-08 07:08:37.004500 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1441 vulnerable 2026-06-08 07:08:36.982583 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-13067 vulnerable 2026-06-08 07:04:31.520757 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-0393 vulnerable 2026-06-08 07:02:24.490022 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9682 vulnerable 2026-06-08 07:00:28.528901 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9668 vulnerable 2026-06-08 07:00:28.445046 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9059 vulnerable 2026-06-08 07:00:26.575638 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8482 vulnerable 2026-06-08 07:00:24.742979 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-7417 vulnerable 2026-06-08 06:58:22.140785 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5818 vulnerable 2026-06-08 06:56:17.498429 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4489 vulnerable 2026-06-08 06:50:17.850916 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4488 vulnerable 2026-06-08 06:50:17.850506 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4342 vulnerable 2026-06-08 06:50:17.549343 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4087 vulnerable 2026-06-08 06:50:17.006656 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3889 vulnerable 2026-06-08 06:43:51.755439 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3887 vulnerable 2026-06-08 06:43:51.754193 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3675 vulnerable 2026-06-08 06:43:51.178762 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2799 vulnerable 2026-06-08 06:35:27.381324 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2798 vulnerable 2026-06-08 06:35:27.377570 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1567 vulnerable 2026-06-08 06:27:13.456206 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1500 vulnerable 2026-06-08 06:25:40.289171 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-12120 vulnerable 2026-06-08 06:23:51.298167 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10798 vulnerable 2026-06-08 06:23:47.569382 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0516 vulnerable 2026-06-08 06:22:01.267855 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0515 vulnerable 2026-06-08 06:22:01.267460 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0514 vulnerable 2026-06-08 06:22:01.266845 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0513 vulnerable 2026-06-08 06:22:01.257760 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0512 vulnerable 2026-06-08 06:22:01.257138 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0511 vulnerable 2026-06-08 06:22:01.256761 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0442 vulnerable 2026-06-08 06:22:01.075093 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3709 vulnerable 2026-06-08 06:09:40.283749 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4974 vulnerable 2026-06-08 05:52:02.710371 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4711 vulnerable 2026-06-08 05:52:00.220981 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4710 vulnerable 2026-06-08 05:52:00.220510 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4709 vulnerable 2026-06-08 05:52:00.219895 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4708 vulnerable 2026-06-08 05:52:00.219285 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4707 vulnerable 2026-06-08 05:52:00.217318 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4705 vulnerable 2026-06-08 05:52:00.212477 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4704 vulnerable 2026-06-08 05:52:00.211976 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4703 vulnerable 2026-06-08 05:52:00.211301 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4702 vulnerable 2026-06-08 05:52:00.210901 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4701 vulnerable 2026-06-08 05:52:00.210288 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4700 vulnerable 2026-06-08 05:52:00.209036 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
