Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WProyal — Vulnerabilities & Security Advisories 67

Browse all 67 CVE security advisories affecting WProyal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wproyal operates as a provider of web-based management and monitoring solutions, primarily targeting industrial control systems and network infrastructure. The software suite has historically been associated with a significant volume of security flaws, currently totaling 65 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and improper access control mechanisms that facilitate privilege escalation. These defects often stem from insufficient input validation and weak authentication protocols within the administrative interfaces. Notable incidents involve the exploitation of these flaws to gain unauthorized system access, potentially allowing attackers to disrupt critical operations or exfiltrate sensitive data. The high frequency of disclosed vulnerabilities suggests systemic issues in the development lifecycle, necessitating rigorous patch management and network segmentation to mitigate risks associated with this specific vendor’s ecosystem.

Top products by WProyal: Royal Addons for Elementor – Addons and Templates Kit for Elementor Bard Ashe News Magazine X Royal Elementor Addons Royal Elementor Kit Bard Extra Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely
CVE IDTitleCVSSSeverityPublished
CVE-2026-25436 WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability — Royal Elementor AddonsCWE-862 5.3 Medium2026-05-07
CVE-2026-27421 WordPress Royal Elementor Addons plugin < 1.7.1053 - Cross Site Scripting (XSS) vulnerability — Royal Elementor AddonsCWE-79 6.5 Medium2026-05-07
CVE-2026-5159 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-05-05
CVE-2026-4803 Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 7.2 High2026-05-05
CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-862 5.3 Medium2026-05-02
CVE-2026-6229 Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-918 7.2 High2026-05-02
CVE-2026-5428 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-24
CVE-2026-5162 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-17
CVE-2026-4305 Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter — Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites SafelyCWE-79 6.1 Medium2026-04-10
CVE-2026-39627 WordPress Ashe theme <= 2.266 - Broken Access Control vulnerability — AsheCWE-862 4.3 Medium2026-04-08
CVE-2026-0664 Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-24382 WordPress News Magazine X theme <= 1.2.50 - Broken Access Control vulnerability — News Magazine XCWE-862 7.5 High2026-03-25
CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-862 5.3 Medium2026-03-17
CVE-2025-13067 Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-434 8.8 High2026-03-11
CVE-2025-63018 WordPress Bard theme <= 2.229 - Broken Access Control vulnerability — BardCWE-862 4.3 Medium2026-01-22
CVE-2025-6251 Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-11-19
CVE-2025-24766 WordPress News Magazine X <= 1.2.35 - Local File Inclusion Vulnerability — News Magazine XCWE-98 7.5 High2025-08-14
CVE-2025-5338 Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-06-26
CVE-2025-3813 Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-05-31
CVE-2024-12120 Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 5.4 Medium2025-05-07
CVE-2025-1456 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-04-12
CVE-2025-1455 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-04-12
CVE-2025-1441 Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 6.1 Medium2025-02-19
CVE-2025-0393 Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 6.1 Medium2025-01-14
CVE-2024-37490 WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability — BardCWE-352 4.3 Medium2025-01-02
CVE-2024-37478 WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability — AsheCWE-352 4.3 Medium2025-01-02
CVE-2024-10798 Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-639 4.3 Medium2024-11-28
CVE-2024-10532 Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import — Bard ExtraCWE-862 4.3 Medium2024-11-21
CVE-2024-9777 Ashe <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter — AsheCWE-79 6.1 Medium2024-11-19
CVE-2024-9830 Bard <= 2.216 - Reflected Cross-Site Scripting via add_query_arg Parameter — BardCWE-79 6.1 Medium2024-11-19

This page lists every published CVE security advisory associated with WProyal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.