CVE-2025-3813 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions u…
Medium CVSS: 6.4

CVE-2025-3813

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Vendor
Royal-elementor-addons
Product
Royal Elementor Addons
CWE
CWE-79
Yayın Tarihi
2025-05-31 08:15:20
Güncelleme
2025-07-11 18:54:56
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-79 Royal Elementor Addons MEDIUM Royal-elementor-addons 2025

Referanslar

https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1021/classes/modules/forms/wpr-submissions-cpt.php?rev=3301438 https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/classes/modules/forms/wpr-submissions-cpt.php#L24 https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/classes/modules/forms/wpr-submissions-cpt.php#L75 https://www.wordfence.com/threat-intel/vulnerabilities/id/b957eb0d-882d-4646-ad84-9c64f957be14?source=cve