CVE-2025-5338

< 1.7.1025

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions

6.4MEDIUM

CVE-2025-3813

< 1.7.1021

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_d

6.4MEDIUM

CVE-2025-39361

< 1.7.1018

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Elementor Add

6.5MEDIUM

CVE-2024-12120

< 1.7.1018

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widge

5.4MEDIUM

CVE-2025-26990

< 1.7.1007

Server-Side Request Forgery (SSRF) vulnerability in WP Royal Elementor Addons royal-elementor-addons allows Server Side Requ

4.4MEDIUM

CVE-2025-1456

< 1.7.1013

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widgetGrid, `

6.4MEDIUM

CVE-2025-1455

< 1.7.1013

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget

6.4MEDIUM

CVE-2025-1441

<= 1.7.1007

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

6.1MEDIUM

CVE-2025-0393

<= 1.7.1006

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

6.1MEDIUM

CVE-2024-56062

<= 1.3.987

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Elementor Add

6.5MEDIUM

CVE-2024-56227

< 1.7.1002

Missing Authorization vulnerability in WP Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Config

4.3MEDIUM

CVE-2024-56226

< 1.7.1002

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Elementor Add

7.1HIGH

CVE-2024-10798

<= 1.7.1003

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and inc

4.3MEDIUM

CVE-2024-9682

< 1.7.1002

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form B

6.4MEDIUM

CVE-2024-9668

< 1.7.1002

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countd

6.4MEDIUM

CVE-2024-9059

< 1.7.1002

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps wid

6.4MEDIUM

CVE-2024-50442

< 1.3.981

Improper Restriction of XML External Entity Reference vulnerability in WP Royal Elementor Addons royal-elementor-addons allo

6.5MEDIUM

CVE-2024-7417

<= 1.3.986

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and inc

4.3MEDIUM

CVE-2024-8482

< 1.3.987

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ param

6.4MEDIUM

CVE-2024-44001

<= 1.3.982

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Elementor Add

6.5MEDIUM

CVE-2024-5818

< 1.3.981

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugi

6.4MEDIUM

CVE-2024-4489

< 1.3.977

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_uploa

6.4MEDIUM

CVE-2024-4488

< 1.3.977

The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ para

6.4MEDIUM

CVE-2024-4342

< 1.3.976

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image

6.4MEDIUM

CVE-2024-4087

< 1.3.976

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back t

6.4MEDIUM

CVE-2024-32786

< 1.3.95

Authentication Bypass by Spoofing vulnerability in WP Royal Elementor Addons allows Functionality Bypass.This issue affects

5.3MEDIUM

CVE-2024-3887

< 1.3.975

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder wi

5.4MEDIUM

CVE-2024-3675

< 1.3.972

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip C

6.4MEDIUM

CVE-2024-1567

< 1.3.95

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type valid

8.2HIGH

CVE-2024-3889

< 1.3.972

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanc

6.4MEDIUM

CVE-2024-2799

< 1.3.97

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Ad

6.4MEDIUM

CVE-2024-2798

< 1.3.972

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget

6.4MEDIUM

CVE-2024-31236

< 1.3.94

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Elementor Add

6.5MEDIUM

CVE-2024-1500

< 1.3.92

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in

5.4MEDIUM

CVE-2024-0516

< 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing

5.3MEDIUM

CVE-2024-0515

< 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

4.3MEDIUM

CVE-2024-0514

< 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

4.3MEDIUM

CVE-2024-0513

< 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

4.3MEDIUM

CVE-2024-0512

< 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

4.3MEDIUM

CVE-2024-0442

< 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL paramet

6.4MEDIUM

CVE-2024-0511

< 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

4.3MEDIUM

CVE-2024-0835

<= 1.0.116

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability c

4.3MEDIUM

CVE-2023-5922

< 1.3.81

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX act

7.5HIGH

CVE-2023-5360

< 1.3.79

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could all

9.8CRITICAL

CVE-2022-47175

<= 1.3.75

Cross-Site Request Forgery (CSRF) vulnerability in P Royal Elementor Addons and Templates plugin <= 1.3.75 versions.

4.3MEDIUM

CVE-2023-3709

<= 1.3.70

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and includi

5.3MEDIUM

CVE-2022-4711

< 1.3.60

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings'

4.3MEDIUM

CVE-2022-4710

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including,

6.1MEDIUM

CVE-2022-4709

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template'

4.3MEDIUM

CVE-2022-4708

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions'

4.3MEDIUM

CVE-2022-4707

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.

4.3MEDIUM

CVE-2022-4705

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJA

4.3MEDIUM

CVE-2022-4704

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJA

5.4MEDIUM

CVE-2022-4703

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJ

4.3MEDIUM

CVE-2022-4702

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility'

5.4MEDIUM

CVE-2022-4701

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins

4.3MEDIUM

CVE-2022-4700

<= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme'

5.4MEDIUM

CVE-2022-4103

< 1.3.56

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, an

4.3MEDIUM

CVE-2022-4102

< 1.3.56

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and

3.1LOW