PT-2025-51197 · WordPress · The Royal Addons For Elementor
Published
2025-12-15
·
Updated
2025-12-15
·
CVE-2025-11363
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Royal Addons for Elementor WordPress plugin versions prior to 1.7.1037
Description
The software does not have appropriate authorization controls, which allows unauthenticated users to upload media files. This is achieved through the
wpr addons upload file action.Recommendations
Update The Royal Addons for Elementor WordPress plugin to version 1.7.1037 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
The Royal Addons For Elementor