WordPress Plugin Vulnerabilities

Royal Elementor Addons < 1.7.1002 - Reflected Cross-Site Scripting

Description

The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
royal-elementor-addons
Fixed in 1.7.1002

References

CVE
CVE-2024-56226
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/9e860c60-b330-4a6c-8d15-947451af62fc

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
02750974-48dd-4597-8211-44f8adeca480

Timeline

Publicly Published
2024-12-19 (about 1 year ago)
Added
2025-01-13 (about 1 year ago)
Last Updated
2025-01-13 (about 1 year ago)

Other

Published
Title
Published
2019-09-10
Title
SlickQuiz <= 1.3.7.1 - Unauthenticated Stored XSS
Published
2022-02-21
Title
SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting
Published
2026-05-04
Title
Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter
Published
2025-01-07
Title
Slotti Ajanvaraus < 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-04
Title
Daily Image <= 1.0 - Reflected Cross-Site Scripting