CVE-2024-1567
Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.
| CWE | CWE-434 |
| Vendor | wproyal |
| Product | royal addons for elementor – addons and templates kit for elementor |
| Published | May 2, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for wproyal royal addons for elementor – addons and templates kit for elementor
Be the first to know when new high vulnerabilities affecting wproyal royal addons for elementor – addons and templates kit for elementor are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
wproyal / Royal Addons for Elementor – Addons and Templates Kit for Elementor
0 ≤ 1.3.94
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/7a04705d-cd17-4b4b-b04d-de55d6479dab?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.89/classes/modules/forms/wpr-file-upload.php#L105 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.90/classes/modules/forms/wpr-file-upload.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3056612/royal-elementor-addons/tags/1.3.95/classes/modules/forms/wpr-file-upload.php?old=3055840&old_path=royal-elementor-addons%2Ftags%2F1.3.94%2Fclasses%2Fmodules%2Fforms%2Fwpr-file-upload.php
Credits
wesley