CVE-2024-1567 HIGH

CVE-2024-1567: Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload

Vendor Wproyal
Product Royal Addons for Elementor – Addons and Templates Kit for Elementor
Weakness CWE-434 · Unrestricted file upload
Published May 2, 2024
Last update April 8, 2026

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.

Key dates

02Disclosure timeline

May 2, 2024 CVE published
April 8, 2026 Record updated