Vulnerability Details CVE-2025-0393
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.3%
CVSS Severity
CVSS v3 Score 6.1
References
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1006/classes/modules/wpr-filter-grid-posts.php#L1260
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1006/classes/modules/wpr-filter-grid-posts.php#L391
- https://plugins.trac.wordpress.org/changeset/3220959/
- https://wordpress.org/plugins/royal-elementor-addons/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a8e34c05-7431-4acd-91f3-aab5e66f61ad?source=cve
Products affected by CVE-2025-0393
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:-
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.0
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.2
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.2
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.21
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.22
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.23
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.25
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.26
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.27
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.28
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.29
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.30
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.32
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.33
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.34
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.36
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.37
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.38
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.39
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.40
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.42
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.43
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.44
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.45
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.46
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.47
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.48
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.49
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.50
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.51
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.56
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.58
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.59
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.60
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.61
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.62
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.63
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.64
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.65
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.66
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.67
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.68
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.69
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.70
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.71
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.75
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.76
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.77
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.78
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.79
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.80
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.81
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.82
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.83
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.84
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.85
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.86
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.87
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.88
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.89
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.90
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.91
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.92
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.93
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.94
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.95
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.96
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.97
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.971
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.972
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.973
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.974
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.975
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.976
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.977
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.978
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.979
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.980
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.981
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.982
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.983
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.984
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.985
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.986
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.987
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1001
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1002
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1003
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1004
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1005
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1006