Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wproyal — Vulnerabilities & Security Advisories 67

Browse all 67 CVE security advisories affecting wproyal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wproyal operates as a provider of web-based management and monitoring solutions, primarily targeting industrial control systems and network infrastructure. The software suite has historically been associated with a significant volume of security flaws, currently totaling 65 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and improper access control mechanisms that facilitate privilege escalation. These defects often stem from insufficient input validation and weak authentication protocols within the administrative interfaces. Notable incidents involve the exploitation of these flaws to gain unauthorized system access, potentially allowing attackers to disrupt critical operations or exfiltrate sensitive data. The high frequency of disclosed vulnerabilities suggests systemic issues in the development lifecycle, necessitating rigorous patch management and network segmentation to mitigate risks associated with this specific vendor’s ecosystem.

Top products by wproyal: Royal Addons for Elementor – Addons and Templates Kit for Elementor Bard Ashe News Magazine X Royal Elementor Addons Royal Elementor Kit Bard Extra Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely
CVE IDTitleCVSSSeverityPublished
CVE-2024-9682 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-9668 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-9059 Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-11-13
CVE-2024-7417 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-200 4.3 Medium2024-10-17
CVE-2024-8482 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-10-08
CVE-2024-5818 Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-07-24
CVE-2024-4488 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-06-07
CVE-2024-4489 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-06-07
CVE-2024-4087 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-06-01
CVE-2024-4342 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-06-01
CVE-2024-3887 Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 5.4 Medium2024-05-16
CVE-2024-1567 Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-434 8.2 High2024-05-02
CVE-2024-3675 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-05-02
CVE-2024-3889 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-04-23
CVE-2024-2798 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-04-23
CVE-2024-2799 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-04-23
CVE-2024-1500 Royal Elementor Addons and Templates <= 1.3.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 5.4 Medium2024-03-07
CVE-2024-0516 Royal Elementor Addons and Templates <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 5.3 Medium2024-02-20
CVE-2024-0512 Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_wishlist — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 4.3 Medium2024-02-20
CVE-2024-0514 Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_compare — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 4.3 Medium2024-02-20
CVE-2024-0515 Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 4.3 Medium2024-02-20
CVE-2024-0513 Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_wishlist — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 4.3 Medium2024-02-20
CVE-2024-0442 Royal Elementor Addons and Templates <= 1.3.87 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-79 6.4 Medium2024-02-20
CVE-2024-0511 Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via wpr_update_form_action_meta — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 4.3 Medium2024-02-08
CVE-2024-0835 Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update — Royal Elementor KitCWE-862 4.3 Medium2024-02-05
CVE-2023-3709 Royal Elementor Addons <=1.3.70 - Unauthenticated MailChimp API Key Disclosure — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-200 5.3 Medium2023-07-18
CVE-2022-4707 Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-352 4.3 Medium2023-01-10
CVE-2022-4701 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-285 4.3 Medium2023-01-10
CVE-2022-4703 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-284 4.3 Medium2023-01-10
CVE-2022-4705 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation — Royal Addons for Elementor – Addons and Templates Kit for ElementorCWE-284 4.3 Medium2023-01-10

This page lists every published CVE security advisory associated with wproyal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.