Testa din hemsida →
Royal Addons for Elementor – Addons and Templates Kit for Elementor ikon

Royal Addons for Elementor – Addons and Templates Kit for Elementor

4.8/5
600 000+ installationer

Elementor Post Grid, Portfolio, Woocommerce Grid builder Widgets. Slider, Carousel, Form, Testimonial, Gallery, Nav menu addons, Elementor widgets &am …

60
Kända sårbarheter
8
Kritiska / höga
2026-02-26
Senaste sårbarhet
600 000+
Aktiva installationer

Om Royal Addons for Elementor – Addons and Templates Kit for Elementor

Royal Addons for Elementor är ett populärt tillägg som utökar Elementor-sidbyggaren med extra widgets och mallar. Med över 600 000 aktiva installationer erbjuder det funktioner som produktgallerier, portfolios, sliders och formulär – särskilt användbart för WooCommerce-sajter.

Säkerhetsläget

Tillägget har dokumenterat 49 kända sårbarheter, vilket är en betydande siffra. Fördelningen visar att majoriteten (40 stycken) klassas som "medium" risk, medan 2 sårbarheter bedöms som "critical". Den senaste rapporterade sårbarheten upptäcktes så sent som november 2024, vilket indikerar pågående säkerhetsutmaningar.

Praktiska konsekvenser

Critical och high-risk sårbarheter kan potentiellt ge obehöriga tillgång till din webbplats eller möjliggöra skadlig kod. Medium-risk sårbarheter kan användas i kombinationsattacker eller för informationsläckage.

Våra rekommendationer

  • Kontrollera att du kör den senaste versionen av tillägget
  • Överväg alternativa Elementor-tillägg med bättre säkerhetshistorik
  • Implementera extra säkerhetslager som brandväggar och säkerhetskopiering
  • Övervaka tilläggets säkerhetsuppdateringar aktivt

Regelbundna uppdateringar är det mest effektiva skyddet mot kända sårbarheter. Vi rekommenderar att alltid hålla både WordPress-kärnan och alla tillägg uppdaterade.

Använder du Royal Addons for Elementor – Addons and Templates Kit for Elementor?

Kör ett gratis test och se om din hemsida är påverkad av dessa sårbarheter.

Testa din hemsida

Alla kända sårbarheter

Medel CVE-2026-28135

Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization

Påverkade versioner: <= 1.7.1049

Medel CVE-2025-11363

Royal Elementor Addons and Templates <= 1.7.1036 - Missing Authorization to Unauthenticated Media File Upload

Påverkade versioner: <= 1.7.1036

Medel CVE-2025-6251

CVE-2025-6251: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient i...

Påverkade versioner: all

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it...

Medel CVE-2025-6251

Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting

Påverkade versioner: <= 1.7.1036

Medel CVE-2025-5338

CVE-2025-5338: The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitizati...

Påverkade versioner: < 1.7.1025

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. T...

Medel CVE-2025-5338

Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets

Påverkade versioner: <= 1.7.1028

Medel CVE-2025-3813

CVE-2025-3813: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due...

Påverkade versioner: < 1.7.1021

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping....

Medel CVE-2025-3813

Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting

Påverkade versioner: <= 1.7.1020

Medel CVE-2024-12120

CVE-2024-12120: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and includi...

Påverkade versioner: < 1.7.1018

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization a...

Medel CVE-2025-39361

Royal Elementor Addons <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting

Påverkade versioner: <= 1.7.1017

Medel CVE-2024-12120

Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting

Påverkade versioner: <= 1.7.1017

Medel CVE-2025-39543

Royal Elementor Addons <= 1.3.977 - Authenticated (Contributor+) Stored Cross-Site Scripting

Påverkade versioner: <= 1.3.977

Medel CVE-2025-1456

CVE-2025-1456: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions...

Påverkade versioner: < 1.7.1013

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient i...

Medel CVE-2025-1455

CVE-2025-1455: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient...

Påverkade versioner: < 1.7.1013

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes i...

Medel CVE-2025-26990

Royal Elementor Addons <= 1.7.1006 - Authenticated (Admin+) Server Side Request Forgery

Påverkade versioner: <= 1.7.1006

Medel CVE-2025-1455

Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting

Påverkade versioner: <= 1.7.1012

Medel CVE-2025-1456

Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting

Påverkade versioner: <= 1.7.1012

Hög CVE-2025-1441

CVE-2025-1441: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce v...

Påverkade versioner: <= 1.7.1007

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function....

Medel CVE-2025-0393

CVE-2025-0393: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce v...

Påverkade versioner: <= 1.7.1006

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. Th...

Medel CVE-2024-10798

CVE-2024-10798: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficie...

Påverkade versioner: <= 1.7.1003

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This...

Medel CVE-2024-9682

CVE-2024-9682: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to...

Påverkade versioner: < 1.7.1002

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping...

Medel CVE-2024-9668

CVE-2024-9668: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to in...

Påverkade versioner: < 1.7.1002

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on...

Medel CVE-2024-9059

CVE-2024-9059: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insuffici...

Påverkade versioner: < 1.7.1002

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This make...

Medel CVE-2024-7417

CVE-2024-7417: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for auth...

Påverkade versioner: <= 1.3.986

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and...

Medel CVE-2024-8482

CVE-2024-8482: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insuffici...

Påverkade versioner: < 1.3.987

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it...

Medel CVE-2024-5818

CVE-2024-5818: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and includin...

Påverkade versioner: < 1.3.981

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and...

Medel CVE-2024-4489

CVE-2024-4489: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due t...

Påverkade versioner: < 1.3.977

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. Th...

Medel CVE-2024-4488

CVE-2024-4488: The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient...

Påverkade versioner: < 1.3.977

The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it po...

Medel CVE-2024-4342

CVE-2024-4342: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini car...

Påverkade versioner: < 1.3.976

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.9...

Medel CVE-2024-4087

CVE-2024-4087: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to i...

Påverkade versioner: < 1.3.976

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on...

Medel CVE-2024-3887

CVE-2024-3887: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insuffici...

Påverkade versioner: < 1.3.975

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user su...

Medel CVE-2024-3675

CVE-2024-3675: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all vers...

Påverkade versioner: < 1.3.972

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficien...

Kritisk CVE-2024-1567

CVE-2024-1567: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and in...

Påverkade versioner: < 1.3.95

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthent...

Medel CVE-2024-3889

CVE-2024-3889: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 d...

Påverkade versioner: < 1.3.972

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output esca...

Medel CVE-2024-2799

CVE-2024-2799: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, ...

Påverkade versioner: < 1.3.97

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and out...

Medel CVE-2024-2798

CVE-2024-2798: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to in...

Påverkade versioner: < 1.3.972

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on...

Medel CVE-2024-1500

CVE-2024-1500: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input...

Påverkade versioner: < 1.3.92

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied UR...

Medel CVE-2024-0516

CVE-2024-0516: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all...

Påverkade versioner: < 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it...

Medel CVE-2024-0515

CVE-2024-0515: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce val...

Påverkade versioner: < 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This mak...

Medel CVE-2024-0514

CVE-2024-0514: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce val...

Påverkade versioner: < 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it...

Medel CVE-2024-0513

CVE-2024-0513: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce val...

Påverkade versioner: < 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This ma...

Medel CVE-2024-0512

CVE-2024-0512: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce val...

Påverkade versioner: < 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes i...

Medel CVE-2024-0442

CVE-2024-0442: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficien...

Påverkade versioner: < 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes...

Medel CVE-2024-0511

CVE-2024-0511: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce val...

Påverkade versioner: < 1.3.88

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function....

Hög CVE-2023-5922

CVE-2023-5922: The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the ...

Påverkade versioner: < 1.3.81

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to acc...

Kritisk CVE-2023-5360

CVE-2023-5360: The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and...

Påverkade versioner: < 1.3.79

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

Medel CVE-2023-3709

CVE-2023-3709: The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code ...

Påverkade versioner: <= 1.3.70

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes i...

Medel CVE-2022-4711

CVE-2022-4711: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows a...

Påverkade versioner: < 1.3.60

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscribe...

Medel CVE-2022-4710

CVE-2022-4710: The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output es...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter...

Medel CVE-2022-4709

CVE-2022-4709: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows a...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscribe...

Medel CVE-2022-4708

CVE-2022-4708: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows ...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscrib...

Medel CVE-2022-4707

CVE-2022-4707: The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenti...

Medel CVE-2022-4705

CVE-2022-4705: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any ...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-l...

Hög CVE-2022-4704

CVE-2022-4704: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any ...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-l...

Hög CVE-2022-4703

CVE-2022-4703: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-...

Medel CVE-2022-4702

CVE-2022-4702: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows a...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscribe...

Hög CVE-2022-4701

CVE-2022-4701: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscri...

Hög CVE-2022-4700

CVE-2022-4700: The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows a...

Påverkade versioner: <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscribe...

Låg CVE-2022-4102

CVE-2022-4102: The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This co...

Påverkade versioner: < 1.3.56

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscriber...

Medel CVE-2022-4103

CVE-2022-4103: The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could a...

Påverkade versioner: < 1.3.56

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to c...

Så skyddar du din sajt

Sårbarheter i tillägg är den vanligaste attackytan för WordPress-sajter. Det bästa skyddet är att vara proaktiv — här är tre konkreta steg.

Håll tillägget uppdaterat

De flesta sårbarheter i Royal Addons for Elementor – Addons and Templates Kit for Elementor åtgärdas snabbt av utvecklarna. Uppdatera alltid till senaste versionen.

Ta bort oanvända tillägg

Varje tillägg är en potentiell attackyta. Avinstallera det du inte aktivt använder.

Bevaka automatiskt

Med löpande övervakning upptäcker du problem innan de blir allvarliga.

Vill du slippa hålla koll själv? Med ett supportavtal från Sitesupport sköter vi uppdateringar och säkerhet åt dig.

Vanliga frågor om Royal Addons for Elementor – Addons and Templates Kit for Elementor

Royal Addons for Elementor – Addons and Templates Kit for Elementor har 60 kända sårbarheter, varav 8 med hög eller kritisk allvarlighetsgrad. Det betyder inte nödvändigtvis att tillägget är osäkert — de flesta sårbarheter åtgärdas i nya versioner. Det viktigaste är att alltid köra den senaste versionen.
Det enklaste sättet är att köra ett gratis test av din hemsida på sitesupport.co. Testet kontrollerar vilka tillägg du använder och vilka versioner som är installerade, och jämför det mot kända sårbarheter.
Uppdatera till den senaste versionen så snart som möjligt. Om det inte finns en uppdatering som åtgärdar problemet bör du överväga att tillfälligt inaktivera tillägget, särskilt om sårbarheten har kritisk eller hög allvarlighetsgrad.
Royal Addons for Elementor – Addons and Templates Kit for Elementor har över 600 000 aktiva installationer på WordPress.org och ett betyg på 4.8 av 5. Populära tillägg har generellt bättre säkerhetsrutiner tack vare större community och fler ögon på koden.

Andra tillägg med kända sårbarheter

Ninja Forms – The Contact Form Builder That Grows With You
58 sårbarheter
Booking Calendar
56 sårbarheter
Newsletter – Send awesome emails from WordPress
56 sårbarheter
Elementor Website Builder – More Than Just a Page Builder
55 sårbarheter
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
54 sårbarheter
WooCommerce
52 sårbarheter

Hur mår din hemsida?

Kör ett gratis test och se hur din sajt presterar inom SEO, säkerhet, prestanda och tillgänglighet — på under en minut.

Testa gratis

Inget konto krävs