Royal Elementor Addons
WP Royal
Developer
1.7.1039
Latest version
600,000
Installations
4 days ago
Last updated
Vulnerability history
0 present
49 fixed
18 Mitigation rules
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets vulnerability<= 1.7.1024Jun 26, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.7.1020May 30, 2025
- Cross Site Scripting (XSS) vulnerability<= 1.7.1017May 7, 2025
- Cross Site Scripting (XSS) vulnerability<= 1.3.977Apr 16, 2025
- Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.7.1012Apr 11, 2025
- Server Side Request Forgery (SSRF) vulnerability<= 1.7.1006Apr 11, 2025
- Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability<= 1.7.1007Feb 18, 2025
- Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability<= 1.7.1006Jan 13, 2025
- Broken Access Control vulnerability<= 1.7.1001Dec 19, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.7.1001Dec 19, 2024
- Cross Site Scripting (XSS) vulnerability<= 1.3.987Dec 18, 2024
- Authenticated (Contributor+) Post Disclosure vulnerability<= 1.7.1003Nov 27, 2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget vulnerability<= 1.7.1001Nov 26, 2024
- XML External Entity (XXE) vulnerability<= 1.3.980Oct 24, 2024
- Authenticated (Subscriber+) Private Post Disclosure vulnerability<= 1.3.986Oct 16, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget vulnerability<= 1.3.986Oct 8, 2024
- Cross Site Scripting (XSS) vulnerability<= 1.3.982Aug 29, 2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget vulnerability<= 1.3.980Jul 24, 2024
- Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads vulnerability<= 1.3.976Jun 7, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.3.976Jun 7, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.3.975Jun 3, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget vulnerability<= 1.3.974May 16, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes vulnerability<= 1.3.971Apr 23, 2024
- IP Bypass vulnerability<= 1.3.93Apr 22, 2024
- Unauthenticated Limited File Upload vulnerability<= 1.3.94Apr 22, 2024
- Cross Site Scripting (XSS) vulnerability<= 1.3.93Apr 5, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget vulnerability<= 1.3.91Mar 7, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 1.3.87Feb 12, 2024
- Multiple Cross-Site Request Forgery vulnerability<= 1.3.87Feb 8, 2024
- Missing Authorization & Cross-Site Request Forgery via wpr_update_form_action_meta vulnerability<= 1.3.87Feb 8, 2024
- Unauthenticated Arbitrary Post Read vulnerability< 1.3.81Feb 8, 2024
- Unauthenticated Arbitrary File Upload vulnerability<= 1.3.78Oct 14, 2023
- Multiple Cross Site Request Forgery (CSRF)<= 1.3.75Aug 22, 2023
- Reflected Cross Site Scripting (XSS) vulnerability< 1.3.71Jul 18, 2023
- Unauthenticated MailChimp API Key Disclosure vulnerability<= 1.3.70Jul 18, 2023
- Insufficient Access Control to Template Kit Import Vulnerability<= 1.3.59Jan 10, 2023
- Insufficient Access Control to Theme Activation Vulnerability<= 1.3.59Jan 10, 2023
- Insufficient Access Control to Plugin Deactivation Vulnerability<= 1.3.59Jan 10, 2023
- Insufficient Access Control to Menu Settings Update Vulnerability<= 1.3.59Jan 10, 2023
- Insufficient Access Control to Template Conditions Modification Vulnerability<= 1.3.59Jan 10, 2023
- Reflected Cross-Site Scripting Vulnerability<= 1.3.59Jan 10, 2023
- Insufficient Access Control to Template Import Vulnerability<= 1.3.59Jan 10, 2023
- Insufficient Access Control to Import Deletion Vulnerability<= 1.3.59Jan 10, 2023
- Insufficient Access Control to Plugin Activation Vulnerability<= 1.3.59Jan 10, 2023
- Cross-Site Request Forgery to Menu Template creation Vulnerability<= 1.3.59Jan 10, 2023
- Insufficient Access Control to Template Activation Vulnerability<= 1.3.59Jan 10, 2023
- Subscriber+ Arbitrary Post Deletion vulnerability< 1.3.56Dec 20, 2022
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability<= 1.3.32Feb 28, 2022
- Sensitive Information Disclosure vulnerability<= 1.3.32Feb 28, 2022