Vulnerabilities > Royal Elementor Addons > Royal Elementor Addons > 1.3.982
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-31 | CVE-2024-56062 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.987. | 5.4 |
| 2024-12-31 | CVE-2024-56226 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | 6.1 |
| 2024-12-31 | CVE-2024-56227 | Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | 4.3 |
| 2024-11-28 | CVE-2024-10798 | Authorization Bypass Through User-Controlled Key vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-10-17 | CVE-2024-7417 | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. | 4.3 |
| 2024-10-08 | CVE-2024-8482 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. | 6.4 |