Vulnerability Details CVE-2025-1456
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.6%
CVSS Severity
CVSS v3 Score 6.4
References
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/assets/js/frontend.min.js
- https://plugins.trac.wordpress.org/changeset/3262790/royal-elementor-addons/tags/1.7.1013/assets/js/frontend.js?old=3255849&old_path=royal-elementor-addons%2Ftags%2F1.7.1012%2Fassets%2Fjs%2Ffrontend.js
- https://www.wordfence.com/threat-intel/vulnerabilities/id/68c6e428-b9cf-442f-a896-a8ceb4b9be0e?source=cve
Products affected by CVE-2025-1456
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:-
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.0
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.2
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.2
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.21
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.22
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.23
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.25
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.26
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.27
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.28
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.29
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.30
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.32
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.33
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.34
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.36
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.37
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.38
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.39
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.40
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.42
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.43
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.44
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.45
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.46
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.47
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.48
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.49
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.50
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.51
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.56
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.58
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.59
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.60
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.61
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.62
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.63
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.64
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.65
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.66
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.67
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.68
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.69
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.70
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.71
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.75
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.76
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.77
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.78
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.79
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.80
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.81
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.82
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.83
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.84
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.85
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.86
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.87
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.88
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.89
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.90
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.91
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.92
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.93
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.94
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.95
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.96
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.97
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.971
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.972
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.973
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.974
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.975
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.976
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.977
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.978
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.979
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.980
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.981
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.982
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.983
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.984
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.985
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.986
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.3.987
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1001
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1002
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1003
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1004
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1005
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1006
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1007
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1008
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1009
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1010
-
cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:1.7.1012