CVE Tools

wproyal

Web & CMS Pluginscommercial

26

Cumulative CVEs

3

Monthly snapshots

#59

Peak rank

Top products

royal addons for elementor – addons and templates kit for elementor4 ashe1 bard1

Latest CVEs

The 15 most recently published vulnerabilities affecting wproyal.

CVE-2026-8118Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source6.5Jun 19, 2026
CVE-2026-6504Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter6.4May 14, 2026
CVE-2026-25436WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability5.3May 7, 2026
CVE-2026-27421WordPress Royal Elementor Addons plugin < 1.7.1053 - Cross Site Scripting (XSS) vulnerability6.5May 7, 2026
CVE-2026-5159Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter6.4May 5, 2026
CVE-2026-4803Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta7.2May 5, 2026
CVE-2026-4024Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification5.3May 2, 2026
CVE-2026-6229Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter7.2May 2, 2026
CVE-2026-5428Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field6.4Apr 24, 2026
CVE-2026-5162Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget6.4Apr 17, 2026
CVE-2026-4305Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter6.1Apr 10, 2026
CVE-2026-39627WordPress Ashe theme <= 2.266 - Broken Access Control vulnerability4.3Apr 8, 2026
CVE-2026-0664Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass6.4Apr 4, 2026
CVE-2026-24382WordPress News Magazine X theme <= 1.2.50 - Broken Access Control vulnerability7.5Mar 25, 2026
CVE-2026-2373Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure5.3Mar 17, 2026