Royal Addons for Elementor – Addons and Templates Kit for Elementor Security & Risk Analysis
wordpress.org/plugins/royal-elementor-addonsElementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.
Is Royal Addons for Elementor – Addons and Templates Kit for Elementor Safe to Use in 2026?
Use With Caution
Score 50/100Royal Addons for Elementor – Addons and Templates Kit for Elementor has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The Royal Elementor Addons plugin exhibits a concerning security posture, despite some positive indicators in its code. While it shows a good percentage of SQL queries using prepared statements and proper output escaping, the substantial number of unprotected AJAX handlers (38 out of 100) and REST API routes (2 out of 2) presents a significant attack surface. The taint analysis, though showing no critical or high severity issues, does indicate 22 flows with unsanitized paths, which could potentially lead to vulnerabilities if exploited correctly. The plugin's vulnerability history is a major red flag, with a total of 64 known CVEs, including one critical and four high-severity vulnerabilities that are currently unpatched. This history, spanning a wide range of common web application security flaws, suggests a pattern of recurring security weaknesses. Therefore, while the plugin demonstrates some adherence to secure coding practices, the vast number of unprotected entry points and the extensive history of critical and high-severity vulnerabilities, especially the currently unpatched critical one, make this plugin a high-risk component. Users should exercise extreme caution and prioritize patching or finding alternatives for this plugin.
Key Concerns
- Unpatched Critical CVE detected
- Multiple high severity unpatched CVEs
- Significant number of unprotected AJAX handlers
- All REST API routes lack permission callbacks
- Taint flows with unsanitized paths
- Bundled outdated Freemius library
- Large number of file operations
Royal Addons for Elementor – Addons and Templates Kit for Elementor Security Vulnerabilities
CVEs by Year
Severity Breakdown
64 total CVEs
Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass
Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization
Royal Elementor Addons and Templates <= 1.7.1036 - Missing Authorization to Unauthenticated Media File Upload
Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets
Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons <= 1.3.977 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons <= 1.7.1006 - Authenticated (Admin+) Server Side Request Forgery
Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Royal Elementor Addons <= 1.7.1001 - Reflected Cross-Site Scripting
Royal Elementor Addons <= 1.7.1001 - Missing Authorization
Royal Elementor Addons <= 1.3.987 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure
Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget
Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget
Royal Elementor Addons <= 1.3.980 - Authenticated (Author+) External Entity Injection
Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure
Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget
Royal Elementor Addons <= 1.3.982 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget
Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads
Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget
Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget
Royal Elementor Addons <= 1.3.93 - Unauthenticated IP Spoofing
Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes
Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags
Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload
Royal Elementor Addons <= 1.3.93 - Authenticated (Contributor+) Stored Cross-Site Scriting
Royal Elementor Addons and Templates <= 1.3.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget
Royal Elementor Addons and Templates <= 1.3.87 - Authenticated (Contributor+) Stored Cross-Site Scripting
Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_wishlist
Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare
Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_compare
Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_wishlist
Royal Elementor Addons and Templates <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta
Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via wpr_update_form_action_meta
Royal Elementor Addons and Templates <= 1.3.80 - Missing Authorization to Private/Password Protected Post Read
Royal Elementor Addons and Templates <= 1.3.78 - Unauthenticated Arbitrary File Upload
Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery
Royal Elementor Addons <=1.3.70 - Unauthenticated MailChimp API Key Disclosure
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation
Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Import
Royal Elementor Addons <= 1.3.59 - Reflected Cross-Site Scripting
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Deactivation
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Kit Import
Royal Elementor Addons <=1.3.55 - Authenticated (Subscriber+) Arbitrary Post Deletion
Royal Elementor Addons <=1.3.55 - Missing Authorization to Subscriber+ Arbitrary Post Creation
Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery
Royal Addons for Elementor – Addons and Templates Kit for Elementor Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Royal Addons for Elementor – Addons and Templates Kit for Elementor Attack Surface
AJAX Handlers 100
REST API Routes 2
Shortcodes 1
WordPress Hooks 201
Maintenance & Trust
Royal Addons for Elementor – Addons and Templates Kit for Elementor Maintenance & Trust
Maintenance Signals
Community Trust
Royal Addons for Elementor – Addons and Templates Kit for Elementor Alternatives
Spexo Addons for Elementor – Elementor Widgets, WooCommerce Builder, Mega Menu and Starter Templates for Elementor
sastra-essential-addons-for-elementor
Advanced Elementor addons plugin with widgets, WooCommerce builders, mega menu, template kits and extensions for faster WordPress website design.
Turbo Addons Elementor
turbo-addons-elementor
Turbo Addons for Elementor offers advanced widgets to enhance Elementor, helping you create professional, interactive websites easily and quickly.
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor
elementskit-lite
Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget
Essential Addons for Elementor – Popular Elementor Templates & Widgets
essential-addons-for-elementor-lite
Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.
Ultimate Addons for Elementor
header-footer-elementor
Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …
Royal Addons for Elementor – Addons and Templates Kit for Elementor Developer Profile
9 plugins · 766K total installs
How We Detect Royal Addons for Elementor – Addons and Templates Kit for Elementor
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/royal-elementor-addons/assets/css/wpr-addons-style.css/wp-content/plugins/royal-elementor-addons/assets/js/wpr-addons-js.js/wp-content/plugins/royal-elementor-addons/assets/js/wpr-addons-frontend.js/wp-content/plugins/royal-elementor-addons/assets/css/wpr-free-carousel.css/wp-content/plugins/royal-elementor-addons/assets/js/wpr-free-carousel.js/wp-content/plugins/royal-elementor-addons/assets/css/wpr-free-gallery.css/wp-content/plugins/royal-elementor-addons/assets/js/wpr-free-gallery.js/wp-content/plugins/royal-elementor-addons/assets/js/wpr-free-imageshape.js+17 more/wp-content/plugins/royal-elementor-addons/assets/js/wpr-addons-js.js/wp-content/plugins/royal-elementor-addons/assets/js/wpr-addons-frontend.js/wp-content/plugins/royal-elementor-addons/assets/js/wpr-free-carousel.js/wp-content/plugins/royal-elementor-addons/assets/js/wpr-free-gallery.js/wp-content/plugins/royal-elementor-addons/assets/js/wpr-free-imageshape.js/wp-content/plugins/royal-elementor-addons/assets/js/wpr-free-testimonial.js+8 moreroyal-elementor-addons/assets/css/wpr-addons-style.css?ver=royal-elementor-addons/assets/js/wpr-addons-js.js?ver=royal-elementor-addons/assets/js/wpr-addons-frontend.js?ver=royal-elementor-addons/assets/css/wpr-free-carousel.css?ver=royal-elementor-addons/assets/js/wpr-free-carousel.js?ver=royal-elementor-addons/assets/css/wpr-free-gallery.css?ver=royal-elementor-addons/assets/js/wpr-free-gallery.js?ver=royal-elementor-addons/assets/js/wpr-free-imageshape.js?ver=royal-elementor-addons/assets/css/wpr-free-testimonial.css?ver=royal-elementor-addons/assets/js/wpr-free-testimonial.js?ver=royal-elementor-addons/assets/css/wpr-free-twitter.css?ver=royal-elementor-addons/assets/js/wpr-free-twitter.js?ver=royal-elementor-addons/assets/css/wpr-free-woo-cart.css?ver=royal-elementor-addons/assets/js/wpr-free-woo-cart.js?ver=royal-elementor-addons/modules/widgets/carousel/assets/css/carousel.css?ver=royal-elementor-addons/modules/widgets/carousel/assets/js/carousel.js?ver=royal-elementor-addons/modules/widgets/gallery/assets/css/gallery.css?ver=royal-elementor-addons/modules/widgets/gallery/assets/js/gallery.js?ver=royal-elementor-addons/modules/widgets/imageshape/assets/js/imageshape.js?ver=royal-elementor-addons/modules/widgets/testimonial/assets/css/testimonial.css?ver=royal-elementor-addons/modules/widgets/testimonial/assets/js/testimonial.js?ver=royal-elementor-addons/modules/widgets/twitter/assets/css/twitter.css?ver=royal-elementor-addons/modules/widgets/twitter/assets/js/twitter.js?ver=royal-elementor-addons/modules/widgets/woo-cart/assets/css/woo-cart.css?ver=royal-elementor-addons/modules/widgets/woo-cart/assets/js/woo-cart.js?ver=HTML / DOM Fingerprints
wpr-addons-carouselwpr-addons-gallerywpr-addons-imageshapewpr-addons-testimonialwpr-addons-twitterwpr-addons-woo-cartwpr-carouselwpr-gallery+11 more<!-- Start Royal Elementor Addons --><!-- End Royal Elementor Addons --><!-- WPR Icons List Start --><!-- WPR Icons List End -->+36 moredata-widget_typedata-settingsdata-responsivedata-carousel-iddata-swiper-optionsdata-slides-per-view+26 morewpr_addons_paramsWPR_addons_dataWPR_FrontEnd/wp-json/wpr-addons/v1/get-data