XML Injection Vulnerability Affects Royal Elementor Addons
CVE-2024-50442
7.2 HIGH
Summary
Royal Elementor Addons, a plugin developed by WP Royal, is vulnerable to XML External Entity (XXE) injection due to improper restriction of XML external entity references. The issue is present in specific versions of the plugin and allows attackers to perform XML injection attacks. The affected versions range from unspecified releases up to and including 1.3.980. Prompt action should be taken to mitigate potential attacks that could expose sensitive data.
Affected Version(s)
Royal Elementor Addons <= 1.3.980
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
wcraft (Patchstack Alliance)