Royal Elementor Addons
WP Royal
Developer
1.7.1053
Latest version
600,000
Installations
No date
Last updated
Vulnerability history
0 present
67 patched
19 Mitigation rules
- WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability<= 1.7.104918/03/2026
- Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass vulnerability<= 1.7.104911/03/2026
- Other vulnerability Type vulnerability<= 1.7.105226/02/2026
- Missing Authorization via wpr_update_form_action_meta vulnerability<= 1.3.8703/02/2026
- Cross-Site Request Forgery via add_to_compare vulnerability<= 1.3.8703/02/2026
- Cross-Site Request Forgery via remove_from_compare vulnerability<= 1.3.8703/02/2026
- Cross-Site Request Forgery via remove_from_wishlist vulnerability<= 1.3.8703/02/2026
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability<= 1.3.97102/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags vulnerability<= 1.3.97102/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags vulnerability<= 1.3.97102/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget vulnerability<= 1.3.97502/02/2026
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability<= 1.7.100102/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability<= 1.7.100102/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.7.101231/12/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.7.101731/12/2025
- Missing Authorization to Unauthenticated Media File Upload vulnerability<= 1.7.103619/12/2025
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting<= 1.7.103120/11/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.7.103618/11/2025
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets vulnerability<= 1.7.102426/06/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.7.102030/05/2025
- Cross Site Scripting (XSS) vulnerability<= 1.7.101707/05/2025
- Cross Site Scripting (XSS) vulnerability<= 1.3.97716/04/2025
- Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.7.101211/04/2025
- Server Side Request Forgery (SSRF) vulnerability<= 1.7.100611/04/2025
- Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability<= 1.7.100718/02/2025
- Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability<= 1.7.100613/01/2025
- Broken Access Control vulnerability<= 1.7.100119/12/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.7.100119/12/2024
- Cross Site Scripting (XSS) vulnerability<= 1.3.98718/12/2024
- Authenticated (Contributor+) Post Disclosure vulnerability<= 1.7.100327/11/2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget vulnerability<= 1.7.100126/11/2024
- XML External Entity (XXE) vulnerability<= 1.3.98024/10/2024
- Authenticated (Subscriber+) Private Post Disclosure vulnerability<= 1.3.98616/10/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget vulnerability<= 1.3.98608/10/2024
- Cross Site Scripting (XSS) vulnerability<= 1.3.98229/08/2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget vulnerability<= 1.3.98024/07/2024
- Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads vulnerability<= 1.3.97607/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.3.97607/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.3.97503/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget vulnerability<= 1.3.97416/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes vulnerability<= 1.3.97123/04/2024
- IP Bypass vulnerability<= 1.3.9322/04/2024
- Unauthenticated Limited File Upload vulnerability<= 1.3.9422/04/2024
- Cross Site Scripting (XSS) vulnerability<= 1.3.9305/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget vulnerability<= 1.3.9107/03/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.3.8712/02/2024
- Multiple Cross-Site Request Forgery vulnerability<= 1.3.8708/02/2024
- Missing Authorization & Cross-Site Request Forgery via wpr_update_form_action_meta vulnerability<= 1.3.8708/02/2024
- Unauthenticated Arbitrary Post Read vulnerability< 1.3.8108/02/2024
- Unauthenticated Arbitrary File Upload vulnerability<= 1.3.7814/10/2023
- Multiple Cross Site Request Forgery (CSRF)<= 1.3.7522/08/2023
- Reflected Cross Site Scripting (XSS) vulnerability< 1.3.7118/07/2023
- Unauthenticated MailChimp API Key Disclosure vulnerability<= 1.3.7018/07/2023
- Insufficient Access Control to Template Kit Import Vulnerability<= 1.3.5910/01/2023
- Insufficient Access Control to Theme Activation Vulnerability<= 1.3.5910/01/2023
- Insufficient Access Control to Plugin Deactivation Vulnerability<= 1.3.5910/01/2023
- Insufficient Access Control to Menu Settings Update Vulnerability<= 1.3.5910/01/2023
- Insufficient Access Control to Template Conditions Modification Vulnerability<= 1.3.5910/01/2023
- Reflected Cross-Site Scripting Vulnerability<= 1.3.5910/01/2023
- Insufficient Access Control to Template Import Vulnerability<= 1.3.5910/01/2023
- Insufficient Access Control to Import Deletion Vulnerability<= 1.3.5910/01/2023
- Insufficient Access Control to Plugin Activation Vulnerability<= 1.3.5910/01/2023
- Cross-Site Request Forgery to Menu Template creation Vulnerability<= 1.3.5910/01/2023
- Insufficient Access Control to Template Activation Vulnerability<= 1.3.5910/01/2023
- Subscriber+ Arbitrary Post Deletion vulnerability< 1.3.5620/12/2022
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability<= 1.3.3228/02/2022
- Sensitive Information Disclosure vulnerability<= 1.3.3228/02/2022