Royal-elementor-addons

Royal Elementor Addons

58 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-5338

  • EPSS 0.06%
  • Veröffentlicht 26.06.2025 09:22:02
  • Zuletzt bearbeitet 08.04.2026 17:20:47

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1028 due to insufficient input sanitization and output escaping on user supplied attributes. T...

5.4

CVE-2025-3813

  • EPSS 0.16%
  • Veröffentlicht 31.05.2025 07:22:12
  • Zuletzt bearbeitet 11.07.2025 18:54:56

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. ...

5.4

CVE-2025-39361

  • EPSS 0.13%
  • Veröffentlicht 07.05.2025 09:15:19
  • Zuletzt bearbeitet 01.04.2026 17:22:55

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1017.

5.4

CVE-2024-12120

  • EPSS 0.12%
  • Veröffentlicht 07.05.2025 07:21:40
  • Zuletzt bearbeitet 11.07.2025 15:13:02

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization a...

4.9

CVE-2025-26990

  • EPSS 0.22%
  • Veröffentlicht 15.04.2025 11:59:07
  • Zuletzt bearbeitet 01.04.2026 17:19:18

Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006.

5.4

CVE-2025-1456

  • EPSS 0.12%
  • Veröffentlicht 12.04.2025 08:22:40
  • Zuletzt bearbeitet 08.07.2025 18:21:58

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient i...

5.4

CVE-2025-1455

  • EPSS 0.12%
  • Veröffentlicht 12.04.2025 08:22:39
  • Zuletzt bearbeitet 08.07.2025 18:29:14

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes i...

8.8

CVE-2025-1441

  • EPSS 0.19%
  • Veröffentlicht 19.02.2025 05:15:12
  • Zuletzt bearbeitet 28.02.2025 19:47:07

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. ...

6.1

CVE-2025-0393

  • EPSS 0.23%
  • Veröffentlicht 14.01.2025 09:15:21
  • Zuletzt bearbeitet 03.03.2025 17:42:59

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. Th...

5.4

CVE-2024-56062

  • EPSS 0.15%
  • Veröffentlicht 31.12.2024 23:15:41
  • Zuletzt bearbeitet 01.04.2026 16:21:32

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.3.987.