Approved changes feed: RSS · Atom

cpe:2.3:a:wproyal:royal_elementor_kit:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorWproyal (793f1007-f055-53cd-81c3-35337836018d)
ProductRoyal Elementor Kit (ea61f0e0-8d13-51f6-8ef3-0f46b2335c3d)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-32773 vulnerable 2026-06-08 06:37:23.956324 WordPress Royal Elementor Kit theme <= 1.0.116 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116.
Published: 2024-04-24T14:58:17.292Z
Updated: 2026-04-28T16:09:40.073Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0835 vulnerable 2026-06-08 06:22:02.953958 Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update
MEDIUM (4.3)
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values.
Published: 2024-02-05T21:21:45.292Z
Updated: 2026-04-08T16:56:33.487Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.