Royal Elementor Addons
Moderate fix1 remedy
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 1.7.1056
Royal Elementor Addons Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the Royal Elementor Addons plugin for WordPress, affecting versions through 1.7.1056. The issue arises in the Image Grid/Slider/Carousel widget, where insufficient output escaping in the render_post_thumbnail() function allows authenticated users with Author-level access and above to inject arbitrary scripts into image captions. These scripts are executed when a user views a page with the affected image displayed in the media grid widget.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.
Remediation
Users can update to version 1.7.1057 or a newer patched version to address this vulnerability.
Added: Apr 24, 2026, 6:31 AM
Updated: Apr 24, 2026, 6:31 AM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
1.7exploitability
5.8remediation
7.7relevance
6.6threat
3.2urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.