Royal Elementor Addons Royal Elementor Addons

  1. Vendors
  2. Royal Elementor Addons

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Royal Elementor Addons product.

RSS Feeds for Royal Elementor Addons security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Royal Elementor Addons products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Royal Elementor Addons Sorted by Most Security Vulnerabilities since 2018

Royal Elementor Addons58 vulnerabilities

Royal Elementor Addons Royal Elementor Kit1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Royal Elementor Addons. Last year, in 2025 Royal Elementor Addons had 9 security vulnerabilities published. Right now, Royal Elementor Addons is on track to have less security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 9 5.95
2024 34 5.79
2023 16 5.23

It may take a day or so for new Royal Elementor Addons vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Royal Elementor Addons Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-5338 Jun 26, 2025
Royal Elementor Addons: Stored XSS up to v1.7.1024 The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1028 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Royal Elementor Addons
CVE-2025-3813 May 31, 2025
Royal Elementor Addons v1.7.1020 XSS via _elementor_data The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Royal Elementor Addons
CVE-2025-39361 May 07, 2025
CVE-2025-39361 WordPress XSS in Royal Elementor Addons <=1.7.1017 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1017.
Royal Elementor Addons
CVE-2024-12120 May 07, 2025
WordPress RElementor Addons XSS via Countdown Widget <=1.7.1017 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Royal Elementor Addons
CVE-2025-26990 Apr 15, 2025
SSRF in Royal Elementor Addons <=1.7.1006 Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006.
Royal Elementor Addons
CVE-2025-1455 Apr 12, 2025
Stored XSS in Royal Elementor Addons (v<=1.7.1012) via Woo Grid widget The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Royal Elementor Addons
CVE-2025-1456 Apr 12, 2025
Stored XSS in Royal Elementor <=1.7.1012 via widgetGrid/CountDown/InstagramFeed The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Royal Elementor Addons
CVE-2025-1441 Feb 19, 2025
WP Royal Elementor Addons CSRF v1.7.1007 Unauth The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Royal Elementor Addons
CVE-2025-0393 Jan 14, 2025
CSRF in Royal Elementor Addons <=1.7.1006 (wpr_filter_grid_posts()) The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Royal Elementor Addons
CVE-2024-56062 Dec 31, 2024
WP Royal Elementor Addons 1.3.987: Stored XSS (CVE-2024-56062) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.3.987.
Royal Elementor Addons
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.