Primary

Context

Royal Addons for Elementor Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing information exposure has been identified in the Royal Addons for Elementor plugin for WordPress, affecting all versions through 1.7.1049. The issue arises in the get_main_query_args() function, where inadequate restrictions allow unauthenticated attackers to access non-public custom post types. This could include sensitive data such as Contact Form 7 submissions or WooCommerce coupons.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information from custom post types, such as Contact Form 7 submissions or WooCommerce coupons.

Remediation

Users are advised to update the Royal Addons for Elementor plugin to version 1.7.1050 or later.

Added: Mar 17, 2026, 4:18 AM

Updated: Mar 17, 2026, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.2

remediation

7.7

relevance

4.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.2

remediation

7.7

relevance

4.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Royal Addons for Elementor Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Royal Addons for Elementor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating