Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
royal-elementor-addons royal elementor addons vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2024-4488
The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authent...
Royal-elementor-addons Royal Elementor Addons
5.4
CVSSv3
CVE-2024-4489
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possib...
Royal-elementor-addons Royal Elementor Addons
3.1
CVSSv3
CVE-2022-4102
The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4103
The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2024-0511
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for una...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-47175
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
Royal-elementor-addons Royal Elementor Addons
6.1
CVSSv3
CVE-2022-4710
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_f...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-4701
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permission...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
9.8
CVSSv3
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Royal-elementor-addons Royal Elementor Addons
12 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »