Royal Elementor Addons Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Royal Elementor Addons plugin for WordPress, affecting all versions through 1.7.1056. The issue arises in the 'wpr_update_form_action_meta' AJAX action, where the 'status' parameter lacks proper input sanitization and output escaping. This vulnerability is compounded by a publicly exposed nonce that permits unauthenticated access to the AJAX handler, allowing attackers to inject arbitrary scripts that execute when users view the affected page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, send a request to the 'wpr_update_form_action_meta' AJAX action with a crafted 'status' parameter that includes the malicious script. Ensure to include the leaked nonce for authentication.

Remediation

Users are advised to update the Royal Elementor Addons plugin to version 1.7.1057 or later.