Medium 5.3
2026-05-07< 1.7.1053
CVE-2026-25436
Royal Addons for Elementor – Addons and Templates Kit for Elementor
Minimum safe version
1.7.1058
Update to 1.7.1058 or later to address 78 fixable vulnerabilities
Latest available1.7.1059 ✓Affected up to1.3.75 ⚠
Medium 6.5
2026-05-07< 1.7.1053
CVE-2026-27421
High 7.2
2026-05-05< 1.7.1057
CVE-2026-4803
Medium 6.4
2026-05-05< 1.7.1057
CVE-2026-5159
Medium 5.3
2026-05-02< 1.7.1057
CVE-2026-4024
High 7.2
2026-05-02< 1.7.1058
CVE-2026-6229
Medium 6.4
2026-04-24< 1.7.1057
CVE-2026-5428
N/A
2025-11-19< 1.7.1032
Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library
N/A
2025-11-18< 1.7.1037
Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting
Medium 6.4
2026-04-17< 1.7.1057
CVE-2026-5162
Medium 5.3
2026-04-16< 1.7.1057
CVE-2026-40763
N/A
2026-03-16< 1.7.1050
Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure
N/A
2026-04-03< 1.7.1050
Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass
High 8.8
2026-03-11< 1.7.1050
CVE-2025-13067
High 8.2
2026-03-05< 1.7.1053
CVE-2026-28135
Medium 5.3
2025-12-15< 1.7.1037
CVE-2025-11363
Medium 6.4
2025-06-26< 1.7.1029
Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets
Medium 6.4
2025-05-31< 1.7.1021
Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting
Medium 6.5
2025-05-07< 1.7.1018
CVE-2025-39361
Medium 5.4
2025-05-07< 1.7.1018
CVE-2024-12120
Medium 6.5
2025-04-16< 1.3.979
CVE-2025-39543
Medium 4.4
2025-04-15< 1.7.1007
CVE-2025-26990
Medium 6.4
2025-04-12< 1.7.1013
Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting
Medium 6.4
2025-04-12< 1.7.1013
Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting
Medium 6.1
2025-02-19< 1.7.1008
Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Medium 6.1
2025-01-13< 1.7.1007
Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Medium 4.3
2024-12-31< 1.7.1002
CVE-2024-56227
High 7.1
2024-12-31< 1.7.1002
CVE-2024-56226
Medium 6.5
2024-12-31< 1.7.1
CVE-2024-56062
Medium 4.3
2024-11-28< 1.7.1004
CVE-2024-10798
Medium 6.3
2024-10-16< 1.3.33
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 5.4
2024-11-13< 1.7.1002
CVE-2024-9059
Medium 5.4
2024-11-26< 1.7.1002
WordPress Royal Elementor Addons Plugin <= 1.7.1001 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2024-11-13< 1.7.1002
CVE-2024-9668
Medium 6.5
2024-10-28< 1.3.981
CVE-2024-50442
Medium 4.3
2024-10-17< 1.3.987
CVE-2024-7417
Medium 6.4
2024-10-08< 1.3.987
CVE-2024-8482
Medium 6.5
2024-09-17< 1.3.985
CVE-2024-44001
Medium 5.4
2024-07-24< 1.3.981
CVE-2024-5818
Medium 5.4
2024-06-07< 1.3.977
CVE-2024-4489
Medium 5.4
2024-06-07< 1.3.977
CVE-2024-4488
Medium 5.4
2024-06-01< 1.3.976
CVE-2024-4087
Medium 5.4
2024-06-03< 1.3.976
WordPress Royal Elementor Addons Plugin <= 1.3.975 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2024-05-16< 1.3.975
CVE-2024-3887
Critical 9.8
2024-05-17< 1.3.95
CVE-2024-32786
Medium 6.4
2024-05-02< 1.3.972
CVE-2024-3675
Medium 6.5
2024-04-23< 1.3.972
CVE-2024-2798
Medium 6.4
2024-04-23< 1.3.972
CVE-2024-2799
Medium 6.4
2024-04-23< 1.3.972
CVE-2024-3889
Critical 9.8
2024-05-02< 1.3.95
CVE-2024-1567
Medium 5.4
2024-04-07< 1.3.95
CVE-2024-31236
Medium 5.4
2024-03-07< 1.3.92
CVE-2024-1500
Medium 4.3
2024-02-20< 1.3.88
CVE-2024-0515
Medium 4.3
2024-02-20< 1.3.88
CVE-2024-0513
Medium 4.3
2024-02-20< 1.3.88
CVE-2024-0514
Medium 5.3
2024-02-20< 1.3.88
CVE-2024-0516
Medium 4.3
2024-02-20< 1.3.88
CVE-2024-0512
Medium 6.4
2024-02-20< 1.3.88
CVE-2024-0442
Medium 4.3
2024-02-08< 1.3.88
CVE-2024-0511
High 7.5
2024-01-16< 1.3.81
CVE-2023-5922
Critical 9.8
2023-11-22< 1.3.79
WordPress Royal Elementor Addons Plugin 1.4.78 is vulnerable to Arbitrary File Upload
Medium 4.3
2023-10-06≤ 1.3.75
CVE-2022-47175
N/A
2023-07-18< 1.3.71
WordPress Royal Elementor Addons Plugin < 1.3.71 is vulnerable to Cross Site Scripting (XSS)
Medium 5.3
2023-07-18< 1.3.71
CVE-2023-3709
High 8.8
2023-01-10< 1.3.60
CVE-2022-4700
Medium 4.3
2023-01-10< 1.3.60
CVE-2022-4711
High 8.8
2023-01-10< 1.3.60
CVE-2022-4701
Medium 6.5
2023-01-10< 1.3.60
CVE-2022-4702
Medium 4.3
2023-01-10< 1.3.60
CVE-2022-4705
Medium 6.5
2023-01-10< 1.3.60
CVE-2022-4708
Medium 6.5
2023-01-10< 1.3.60
CVE-2022-4707
Medium 6.5
2023-01-10< 1.3.60
CVE-2022-4709
High 8.1
2023-01-10< 1.3.60
CVE-2022-4703
High 8.1
2023-01-10< 1.3.60
CVE-2022-4704
Medium 6.1
2023-01-10< 1.3.60
CVE-2022-4710
Medium 4.3
2023-01-09< 1.3.56
CVE-2022-4103
Low 3.1
2023-01-09< 1.3.56
CVE-2022-4102
N/A
2022-03-04< 1.3.33
Freemius SDK <= 2.4.2 - Missing Authorization Checks
N/A
2022-12-06< 1.3.56
Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery