Cross-Site Request Forgery in Royal Elementor Addons Plugin for WordPress
CVE-2025-1441

8.8HIGH

Key Information:

Vendor
WordPress
Status
Royal Elementor Addons And Templates
Vendor
CVE Published:
19 February 2025

Summary

The Royal Elementor Addons and Templates plugin for WordPress has a security flaw due to inadequate nonce validation in its 'wpr_filter_woo_products' function. This vulnerability permits unauthenticated attackers to exploit the plugin by sending forged requests. If an administrator is lured into clicking a malicious link, the attacker could execute unauthorized actions, thereby compromising the website's security.

Affected Version(s)

Royal Elementor Addons and Templates * <= 1.7.1007

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/royal-elemento...
https://plugins.trac.wordpress.org/browser/royal-elemento...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Rollings
.