Cross-Site Scripting Vulnerability in Royal Elementor Addons by WProyal
CVE-2026-27421

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Royal Elementor Addons
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-27421?

A Cross-Site Scripting (XSS) vulnerability has been identified in the Royal Elementor Addons by WProyal, allowing attackers to inject malicious scripts that can be stored and executed in the context of a user's browser. This flaw can lead to unauthorized access to sensitive information or user interactions on compromised web pages. Websites using versions prior to 1.7.1053 are particularly susceptible to this security issue, underscoring the importance of updating to mitigate potential exploits.

Affected Version(s)

Royal Elementor Addons < 1.7.1053

References

https://patchstack.com/database/wordpress/plugin/royal-el...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

Peter Thaleikis | Patchstack Bug Bounty Program

CVE-2026-27421 Data

JSON