Royal Elementor Addons Pro
Monthly
Unauthenticated reflected/stored cross-site scripting in Royal Elementor Addons Pro WordPress plugin versions prior to 1.7.1041 allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or page. No public exploit identified at time of analysis, but the unauthenticated nature combined with the popularity of Elementor-ecosystem plugins makes this a credible threat to WordPress sites running the Pro variant. Patchstack disclosure indicates a fixed version is available.
Unauthenticated reflected/stored cross-site scripting in Royal Elementor Addons Pro WordPress plugin versions prior to 1.7.1041 allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or page. No public exploit identified at time of analysis, but the unauthenticated nature combined with the popularity of Elementor-ecosystem plugins makes this a credible threat to WordPress sites running the Pro variant. Patchstack disclosure indicates a fixed version is available.