Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wproyal — Vulnerabilities & Security Advisories 61

Browse all 61 CVE security advisories affecting wproyal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wproyal:Royal Addons for Elementor – Addons and Templates Kit for ElementorBardAsheNews Magazine XRoyal Elementor KitBard ExtraRoyal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely
CVE IDTitleCVSSSeverityPublished
CVE-2026-5428 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-24
CVE-2026-5162 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-17
CVE-2026-4305 Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter — Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites SafelyCWE-79 6.1 Medium2026-04-10
CVE-2026-39627 WordPress Ashe theme <= 2.266 - Broken Access Control vulnerability — AsheCWE-862 6.5AIMediumAI2026-04-08
CVE-2026-0664 Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-24382 WordPress News Magazine X theme <= 1.2.50 - Broken Access Control vulnerability — News Magazine XCWE-862 7.5 High2026-03-25
CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-862 5.3 Medium2026-03-17
CVE-2025-13067 Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-434 8.8 High2026-03-11
CVE-2025-63018 WordPress Bard theme <= 2.229 - Broken Access Control vulnerability — BardCWE-862 4.3 Medium2026-01-22
CVE-2025-6251 Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-11-19
CVE-2025-24766 WordPress News Magazine X <= 1.2.35 - Local File Inclusion Vulnerability — News Magazine XCWE-98 7.5 High2025-08-14
CVE-2025-5338 Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-06-26
CVE-2025-3813 Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-05-31
CVE-2024-12120 Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 5.4 Medium2025-05-07
CVE-2025-1456 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-04-12
CVE-2025-1455 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2025-04-12
CVE-2025-1441 Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 6.1 Medium2025-02-19
CVE-2025-0393 Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 6.1 Medium2025-01-14
CVE-2024-37490 WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability — BardCWE-352 4.3 Medium2025-01-02
CVE-2024-37478 WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability — AsheCWE-352 4.3 Medium2025-01-02
CVE-2024-10798 Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-639 4.3 Medium2024-11-28
CVE-2024-10532 Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import — Bard ExtraCWE-862 4.3 Medium2024-11-21
CVE-2024-9777 Ashe <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter — AsheCWE-79 6.1 Medium2024-11-19
CVE-2024-9830 Bard <= 2.216 - Reflected Cross-Site Scripting via add_query_arg Parameter — BardCWE-79 6.1 Medium2024-11-19
CVE-2024-9682 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-9668 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-9059 Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-7417 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-200 4.3 Medium2024-10-17
CVE-2024-8482 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-10-08
CVE-2024-5818 Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-07-24

This page lists every published CVE security advisory associated with wproyal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.