Royal-elementor-addons Royal_elementor_addons
58 CVEs affecting Royal-elementor-addons Royal_elementor_addons. Latest disclosed: 2025-06-26. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-5360 | Critical | 9.8 | 2023-10-31 | The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to u… |
CVE-2024-1567 | High | 8.2 | 2024-05-02 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity'… |
CVE-2023-5922 | High | 7.5 | 2024-01-16 | The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, curre… |
CVE-2024-56226 | High | 7.1 | 2024-12-31 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons al… |
CVE-2025-39361 | Medium | 6.5 | 2025-05-07 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons al… |
CVE-2024-56062 | Medium | 6.5 | 2024-12-31 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons al… |
CVE-2024-50442 | Medium | 6.5 | 2024-10-28 | Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows XML Injection.This issue a… |
CVE-2024-44001 | Medium | 6.5 | 2024-09-18 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons.Th… |
CVE-2024-31236 | Medium | 6.5 | 2024-04-07 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This is… |
CVE-2025-5338 | Medium | 6.4 | 2025-06-26 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.102… |
CVE-2025-3813 | Medium | 6.4 | 2025-05-31 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions… |
CVE-2025-1456 | Medium | 6.4 | 2025-04-12 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widget… |
CVE-2025-1455 | Medium | 6.4 | 2025-04-12 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and i… |
CVE-2024-9682 | Medium | 6.4 | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions… |
CVE-2024-9668 | Medium | 6.4 | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up… |
CVE-2024-9059 | Medium | 6.4 | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, an… |
CVE-2024-8482 | Medium | 6.4 | 2024-10-08 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and i… |
CVE-2024-5818 | Medium | 6.4 | 2024-07-24 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widg… |
CVE-2024-4489 | Medium | 6.4 | 2024-06-07 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions u… |
CVE-2024-4488 | Medium | 6.4 | 2024-06-07 | The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and incl… |