Cross-site Scripting Vulnerability in Royal Elementor Addons by WP Royal
CVE-2024-56062

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Royal Elementor Addons
Vendor: CVE Published:; 31 December 2024

Summary

The vulnerability identified in WP Royal's Royal Elementor Addons stems from improper neutralization of user inputs during web page generation, specifically leading to a Cross-site Scripting (XSS) attack. Attackers can exploit this Stored XSS vulnerability to inject malicious scripts into web applications, potentially compromising user data and session integrity. This flaw affects users of Royal Elementor Addons in all versions up to and including 1.3.987, underscoring the need for prompt updates and remediation to safeguard against potential exploits.

Affected Version(s)

Royal Elementor Addons <= 1.3.987

References

https://patchstack.com/database/wordpress/plugin/royal-el...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2024

Credit

Robert DeVore (Patchstack Alliance)