Royal addons for elementor – addons and templates kit for elementor

This hub aggregates every CVE we track for Royal addons for elementor – addons and templates kit for elementor, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Pluginson-premcms plugin

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM54HIGH4

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Royal addons for elementor – addons and templates kit for elementor.

CVE-2026-8118Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source6.5Jun 19, 2026
CVE-2026-6504Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter6.4May 14, 2026
CVE-2026-5159Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter6.4May 5, 2026
CVE-2026-4803Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta7.2May 5, 2026
CVE-2026-4024Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification5.3May 2, 2026
CVE-2026-6229Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter7.2May 2, 2026
CVE-2026-5428Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field6.4Apr 24, 2026
CVE-2026-5162Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget6.4Apr 17, 2026
CVE-2026-0664Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass6.4Apr 4, 2026
CVE-2026-2373Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure5.3Mar 17, 2026
CVE-2025-13067Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass8.8Mar 11, 2026
CVE-2025-5092Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library6.4Nov 20, 2025
CVE-2025-6251Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Nov 19, 2025
CVE-2025-5338Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets6.4Jun 26, 2025
CVE-2025-3813Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4May 31, 2025

Product normalization is registry-driven with AI assist and human review. How it works