Royal-elementor-addons

Royal Elementor Addons

58 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-5338

  • EPSS 0.03%
  • Veröffentlicht 26.06.2025 09:22:02
  • Zuletzt bearbeitet 08.07.2025 11:34:52

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. T...

5.4

CVE-2025-3813

  • EPSS 0.05%
  • Veröffentlicht 31.05.2025 07:22:12
  • Zuletzt bearbeitet 11.07.2025 18:54:56

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. ...

5.4

CVE-2025-39361

  • EPSS 0.13%
  • Veröffentlicht 07.05.2025 09:15:19
  • Zuletzt bearbeitet 11.07.2025 15:12:04

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1017.

5.4

CVE-2024-12120

  • EPSS 0.12%
  • Veröffentlicht 07.05.2025 07:21:40
  • Zuletzt bearbeitet 11.07.2025 15:13:02

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization a...

4.9

CVE-2025-26990

  • EPSS 0.16%
  • Veröffentlicht 15.04.2025 11:59:07
  • Zuletzt bearbeitet 08.07.2025 18:20:57

Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons allows Server Side Request Forgery. This issue affects Royal Elementor Addons: from n/a through 1.7.1006.

5.4

CVE-2025-1456

  • EPSS 0.12%
  • Veröffentlicht 12.04.2025 08:22:40
  • Zuletzt bearbeitet 08.07.2025 18:21:58

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient i...

5.4

CVE-2025-1455

  • EPSS 0.12%
  • Veröffentlicht 12.04.2025 08:22:39
  • Zuletzt bearbeitet 08.07.2025 18:29:14

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes i...

8.8

CVE-2025-1441

  • EPSS 0.06%
  • Veröffentlicht 19.02.2025 05:15:12
  • Zuletzt bearbeitet 28.02.2025 19:47:07

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. ...

6.1

CVE-2025-0393

  • EPSS 0.19%
  • Veröffentlicht 14.01.2025 09:15:21
  • Zuletzt bearbeitet 03.03.2025 17:42:59

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. Th...

5.4

CVE-2024-56062

  • EPSS 0.1%
  • Veröffentlicht 31.12.2024 23:15:41
  • Zuletzt bearbeitet 21.03.2025 13:11:19

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.987.