Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Royal Addons for Elementor – Addons and Templates Kit for Elementor — Vulnerabilities & Security Advisories 50

All 50 CVE vulnerabilities found in Royal Addons for Elementor – Addons and Templates Kit for Elementor, with AI-generated Chinese analysis, references, and POCs.

Vendor: wproyal

CVE IDTitleCVSSSeverityPublished
CVE-2026-5428 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field CWE-79 6.4 Medium2026-04-24
CVE-2026-5162 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget CWE-79 6.4 Medium2026-04-17
CVE-2026-0664 Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass CWE-79 6.4 Medium2026-04-04
CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure CWE-862 5.3 Medium2026-03-17
CVE-2025-13067 Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass CWE-434 8.8 High2026-03-11
CVE-2025-6251 Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-11-19
CVE-2025-5338 Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets CWE-79 6.4 Medium2025-06-26
CVE-2025-3813 Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-05-31
CVE-2024-12120 Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 5.4 Medium2025-05-07
CVE-2025-1456 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-04-12
CVE-2025-1455 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-04-12
CVE-2025-1441 Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CWE-352 6.1 Medium2025-02-19
CVE-2025-0393 Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CWE-352 6.1 Medium2025-01-14
CVE-2024-10798 Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure CWE-639 4.3 Medium2024-11-28
CVE-2024-9682 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget CWE-79 6.4 Medium2024-11-13
CVE-2024-9668 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2024-11-13
CVE-2024-9059 Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget CWE-79 6.4 Medium2024-11-13
CVE-2024-7417 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure CWE-200 4.3 Medium2024-10-17
CVE-2024-8482 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget CWE-79 6.4 Medium2024-10-08
CVE-2024-5818 Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget CWE-79 6.4 Medium2024-07-24
CVE-2024-4488 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-06-07
CVE-2024-4489 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads CWE-79 6.4 Medium2024-06-07
CVE-2024-4087 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget CWE-79 6.4 Medium2024-06-01
CVE-2024-4342 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-06-01
CVE-2024-3887 Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget CWE-79 5.4 Medium2024-05-16
CVE-2024-1567 Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload CWE-434 8.2 High2024-05-02
CVE-2024-3675 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes CWE-79 6.4 Medium2024-05-02
CVE-2024-3889 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags CWE-79 6.4 Medium2024-04-23
CVE-2024-2798 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 6.4 Medium2024-04-23
CVE-2024-2799 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags CWE-79 6.4 Medium2024-04-23

All 50 known CVE vulnerabilities affecting Royal Addons for Elementor – Addons and Templates Kit for Elementor with full Chinese analysis, references, and POCs where available.