Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WProyal — Vulnerabilities & Security Advisories 68

Browse all 68 CVE security advisories affecting WProyal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wproyal operates as a provider of web-based management and monitoring solutions, primarily targeting industrial control systems and network infrastructure. The software suite has historically been associated with a significant volume of security flaws, currently totaling 65 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and improper access control mechanisms that facilitate privilege escalation. These defects often stem from insufficient input validation and weak authentication protocols within the administrative interfaces. Notable incidents involve the exploitation of these flaws to gain unauthorized system access, potentially allowing attackers to disrupt critical operations or exfiltrate sensitive data. The high frequency of disclosed vulnerabilities suggests systemic issues in the development lifecycle, necessitating rigorous patch management and network segmentation to mitigate risks associated with this specific vendor’s ecosystem.

Found 55 results / 68Clear Filters
Top products by WProyal: Royal Addons for Elementor – Addons and Templates Kit for Elementor Bard Ashe News Magazine X Royal Elementor Addons Royal Elementor Kit Bard Extra Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely
CVE IDTitleCVSSSeverityPublished
CVE-2026-6504 Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-05-14
CVE-2026-5159 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-05-05
CVE-2026-4803 Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 7.2 High2026-05-05
CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-862 5.3 Medium2026-05-02
CVE-2026-6229 Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-918 7.2 High2026-05-02
CVE-2026-5428 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-24
CVE-2026-5162 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-17
CVE-2026-0664 Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-862 5.3 Medium2026-03-17
CVE-2025-13067 Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-434 8.8 High2026-03-11
CVE-2025-6251 Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-11-19
CVE-2025-5338 Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-06-26
CVE-2025-3813 Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-05-31
CVE-2024-12120 Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 5.4 Medium2025-05-07
CVE-2025-1456 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-04-12
CVE-2025-1455 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-04-12
CVE-2025-1441 Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 6.1 Medium2025-02-19
CVE-2025-0393 Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 6.1 Medium2025-01-14
CVE-2024-10798 Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-639 4.3 Medium2024-11-28
CVE-2024-9682 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-9668 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-9059 Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-7417 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-200 4.3 Medium2024-10-17
CVE-2024-8482 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-10-08
CVE-2024-5818 Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-07-24
CVE-2024-4488 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-06-07
CVE-2024-4489 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-06-07
CVE-2024-4087 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-06-01
CVE-2024-4342 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-06-01
CVE-2024-3887 Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 5.4 Medium2024-05-16

This page lists every published CVE security advisory associated with WProyal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.