WordPress Plugin Vulnerabilities

Royal Elementor Addons < 1.7.1057 - Unauthenticated Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function, allowing unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
royal-elementor-addons
Fixed in 1.7.1057

References

CVE
CVE-2026-40763
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0c7a23b2-0d42-4e35-94aa-4cd6e25d8a9b

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Bao - BlueRock
Verified
No
WPVDB ID
982eb9e9-42ac-4774-a6af-a839dd47ce4d

Timeline

Publicly Published
2026-03-31 (about 1 month ago)
Added
2026-05-08 (about 5 days ago)
Last Updated
2026-05-08 (about 5 days ago)

Other

Published
Title
Published
2024-06-11
Title
Newsletter - API v1 and v2 addon for Newsletter < 2.4.6 - Missing Authorization to Email Subscribers Management
Published
2024-02-08
Title
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin < 3.3.51 - Missing Authorization to Unauthenticated Events Export
Published
2026-01-27
Title
Rupantorpay <= 2.0.0 - Missing Authorization to Unauthenticated Order Status Modification
Published
2024-03-28
Title
WooCommerce Multilingual & Multicurrency < 5.3.5 - Missing Authorization
Published
2025-01-24
Title
12 Step Meeting List < 3.16.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion