What the vulnerability does
01Description
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1052.
Explanation of Vulnerability in Simple Terms
02Summary
Royal Elementor Addons versions up to 1.7.1052 contain an integrity vulnerability allowing network-based attacks without authentication. An attacker can modify data or functionality on affected sites. The vulnerability has low availability impact. Update to a version newer than 1.7.1052 to remediate.
What an attacker can do
03Attacker Capabilities
Modify site data or functionality without needing to log in.
Potential impact on your site
04Site Impact
Site content or behavior could be altered by remote attackers without your knowledge or consent.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
March 5, 2026
CVE published
April 29, 2026
Record updated