Royal-elementor-addons Royal Elementor Addons — known CVE vulnerabilities
Every CVE whose affected-product data names Royal-elementor-addons Royal Elementor Addons, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (58)
CVE-2023-5360 — CVSS 9.8 (critical): The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow…
CVE-2024-1567 — CVSS 8.2 (high): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in…
CVE-2023-5922 — CVSS 7.5 (high): The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and…
CVE-2024-56226 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons…
CVE-2024-56062 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons…
CVE-2025-39361 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons…
CVE-2024-50442 — CVSS 6.5 (medium): Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows XML…
CVE-2024-44001 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons…
CVE-2024-31236 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons…
CVE-2024-8482 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in…
CVE-2024-5818 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's…
CVE-2025-5338 — CVSS 6.4 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to…
CVE-2025-1455 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all…
CVE-2025-1456 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`…
CVE-2024-3675 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel…
CVE-2025-3813 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’…
CVE-2024-2798 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget…
CVE-2024-0442 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in…
CVE-2024-4489 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’…
CVE-2024-4488 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in…
CVE-2024-2799 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced…
CVE-2024-4342 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot…
CVE-2024-4087 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top…
CVE-2024-3889 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced…
CVE-2024-9682 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder…
CVE-2024-9668 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown…
CVE-2024-9059 — CVSS 6.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in…
CVE-2025-0393 — CVSS 6.1 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2022-4710 — CVSS 6.1 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59…
CVE-2025-1441 — CVSS 6.1 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2024-12120 — CVSS 5.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget…
CVE-2024-3887 — CVSS 5.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in…
CVE-2022-4704 — CVSS 5.4 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action…
CVE-2022-4702 — CVSS 5.4 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX…
CVE-2022-4700 — CVSS 5.4 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX…
CVE-2024-1500 — CVSS 5.4 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all…
CVE-2024-32786 — CVSS 5.3 (medium): Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal…
CVE-2024-0516 — CVSS 5.3 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing…
CVE-2023-3709 — CVSS 5.3 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including…
CVE-2025-26990 — CVSS 4.4 (medium): Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request…
CVE-2022-47175 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
CVE-2022-4711 — CVSS 4.3 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX…
CVE-2024-56227 — CVSS 4.3 (medium): Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured…
CVE-2022-4709 — CVSS 4.3 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX…
CVE-2024-7417 — CVSS 4.3 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including…
CVE-2022-4708 — CVSS 4.3 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX…
CVE-2022-4707 — CVSS 4.3 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This…
CVE-2022-4705 — CVSS 4.3 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action…
CVE-2022-4103 — CVSS 4.3 (medium): The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does…
CVE-2022-4703 — CVSS 4.3 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action…
CVE-2024-10798 — CVSS 4.3 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including…
CVE-2022-4701 — CVSS 4.3 (medium): The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX…
CVE-2024-0515 — CVSS 4.3 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2024-0513 — CVSS 4.3 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2024-0512 — CVSS 4.3 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2024-0511 — CVSS 4.3 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2024-0514 — CVSS 4.3 (medium): The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2022-4102 — CVSS 3.1 (low): The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not…