Wproyal Royal Addons For Elementor – Addons And Templates Kit For Elementor
57 CVEs affecting Wproyal Royal Addons For Elementor – Addons And Templates Kit For Elementor. Latest disclosed: 2026-05-14. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-13067 | High | 8.8 | 2026-03-11 | The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insuf… |
CVE-2024-1567 | High | 8.2 | 2024-05-02 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity'… |
CVE-2026-4803 | High | 7.2 | 2026-05-05 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX… |
CVE-2026-6229 | High | 7.2 | 2026-05-02 | The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insuffi… |
CVE-2026-6504 | Medium | 6.4 | 2026-05-14 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to… |
CVE-2026-5159 | Medium | 6.4 | 2026-05-05 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' settin… |
CVE-2026-5428 | Medium | 6.4 | 2026-04-24 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in ver… |
CVE-2026-5162 | Medium | 6.4 | 2026-04-17 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' settin… |
CVE-2026-0664 | Medium | 6.4 | 2026-04-04 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter in all versions up to, and inc… |
CVE-2025-5092 | Medium | 6.4 | 2025-11-20 | Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (<= 2.8.3) in various… |
CVE-2025-6251 | Medium | 6.4 | 2025-11-19 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and inc… |
CVE-2025-5338 | Medium | 6.4 | 2025-06-26 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.102… |
CVE-2025-3813 | Medium | 6.4 | 2025-05-31 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions… |
CVE-2025-1456 | Medium | 6.4 | 2025-04-12 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widget… |
CVE-2025-1455 | Medium | 6.4 | 2025-04-12 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and i… |
CVE-2024-9682 | Medium | 6.4 | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions… |
CVE-2024-9668 | Medium | 6.4 | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up… |
CVE-2024-9059 | Medium | 6.4 | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, an… |
CVE-2024-8482 | Medium | 6.4 | 2024-10-08 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and i… |
CVE-2024-5818 | Medium | 6.4 | 2024-07-24 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widg… |