Severity by source
CVSS vector (NVD, primary rating and the only source for this CVE): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Description (CVE.org)
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a publicly leaked nonce that allows unauthenticated access to the AJAX handler. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Analysis (AI-generated)
Stored Cross-Site Scripting in Royal Elementor Addons WordPress plugin allows unauthenticated remote attackers to inject malicious scripts that execute in victim browsers. The vulnerability exists in all versions up to 1.7.1056 due to a publicly leaked static nonce that bypasses authentication checks for the wpr_update_form_action_meta AJAX endpoint. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the Royal Elementor Addons plugin version 1.7.1056 or earlier to be installed and active on the target WordPress site. … |
| Risk Assessment | This vulnerability presents elevated real-world risk despite absence from CISA KEV. … |
| Exploit Scenario | An unauthenticated attacker identifies a WordPress site running Royal Elementor Addons 1.7.1056 through version enumeration. Using the publicly known static nonce value, they craft an HTTP POST request to /wp-admin/admin-ajax.php with action=wpr_update_form_action_meta and inject malicious JavaScript into the 'status' parameter. … |
| Remediation | Immediately upgrade to Royal Elementor Addons version 1.7.1057 or later, which addresses both the nonce weakness and input sanitization issues per changeset 3503219 visible at https://plugins.trac.wordpress.org/changeset/3503219/royal-elementor-addons. … |
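The description and the remediation row above name three separate weaknesses: a static nonce shipped to the browser, missing input sanitization, and missing output escaping. The following is an added, hypothetical example (not the Royal Elementor Addons code, the changeset, or anything from the page) of the WordPress admin-ajax handler pattern that closes all three. The hook, function, meta-key and nonce-action names are assumptions; the WordPress API calls (`check_ajax_referer`, `current_user_can`, `sanitize_key`, `esc_html`, and so on) are real.

```php
<?php
// Added, hypothetical example of a hardened WordPress AJAX handler.
// Names (example_update_status, _example_status) are assumptions, not the plugin's.

// WEAK PATTERN, shown for contrast only: a nonce compared against a constant that
// is embedded in front-end JavaScript is effectively public, so any request can
// pass the check; the value is then stored raw and later echoed unescaped.
function hypothetical_weak_update_status() {
    if ( ! isset( $_POST['nonce'] ) || $_POST['nonce'] !== 'constant-shipped-to-browser' ) {
        wp_die(); // "authentication" by a public constant protects nothing
    }
    // No capability check, no sanitization: the stored value is attacker-controlled.
    update_post_meta( (int) $_POST['form_id'], '_example_status', $_POST['status'] );
}

// HARDENED PATTERN.
// Registered on wp_ajax_ only: without a wp_ajax_nopriv_ registration,
// unauthenticated requests never reach the handler at all.
add_action( 'wp_ajax_example_update_status', 'example_update_status' );

function example_update_status() {
    // 1. Nonce: minted per user and session with wp_create_nonce( 'example_update_status' )
    //    and verified here. It is a CSRF token, not an authorization credential,
    //    so step 2 is still required.
    check_ajax_referer( 'example_update_status', 'nonce' );

    // 2. Authorization: require a capability on the specific object being edited.
    $form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0;
    if ( ! $form_id || ! current_user_can( 'edit_post', $form_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input sanitization: constrain 'status' to an allow-list rather than
    //    trying to strip bad characters. sanitize_key() lowercases and drops
    //    anything outside [a-z0-9_-]; wp_unslash() undoes WordPress's magic quotes.
    $allowed = array( 'read', 'unread' );
    $status  = isset( $_POST['status'] ) ? sanitize_key( wp_unslash( $_POST['status'] ) ) : '';
    if ( ! in_array( $status, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'invalid status' ), 400 );
    }

    update_post_meta( $form_id, '_example_status', $status );
    wp_send_json_success( array( 'status' => $status ) );
}

// 4. Output escaping at render time, applied even though the stored value is
//    believed clean: sanitization on input and escaping on output are separate
//    controls, and either one alone has failed in practice.
function example_render_status( $form_id ) {
    $status = get_post_meta( $form_id, '_example_status', true );
    echo '<span class="status">' . esc_html( $status ) . '</span>';
}
```

Two design points worth noting. First, WordPress nonces for logged-out visitors are derived from user ID 0 and an empty session token, so a nonce exposed on a public page is the same for every anonymous visitor; that is why a nonce can never substitute for the capability check in step 2. Second, for free-text fields where an allow-list is impossible, `sanitize_text_field()` on input plus `esc_html()` or `esc_attr()` on output is the minimum; the allow-list used here is preferable whenever the value set is known.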
Recommended Action (AI-generated)
Within 24 hours: inventory all WordPress instances running Royal Elementor Addons and identify current installed versions via plugin management interface. …
EUVD identifier: EUVD-2026-27185