CVE-2025-11363

CVE-2025-11363: Royal Elementor Addons and Templates < 1.7.1037 - Unauthenticated Media File Upload

Vendor Unknown
Product Royal Addons for Elementor
Published December 15, 2025
Last update December 15, 2025

CVSS base score

What the vulnerability does

01Description

The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr_addons_upload_file action.

Key dates

02Disclosure timeline

December 15, 2025 CVE published
December 15, 2025 Record updated