CVE-2026-0664 | wproyal Royal Addons for Elementor Plugin up to 1.7.1049 on WordPress Parameter button_text cross site scripting

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability identified as problematic has been detected in wproyal Royal Addons for Elementor Plugin up to 1.7.1049 on WordPress. Affected by this issue is some unknown functionality of the component Parameter Handler. The manipulation of the argument button_text leads to cross site scripting.

This vulnerability is documented as CVE-2026-0664. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-0664 | wproyal Royal Addons for Elementor Plugin up to 1.7.1049 on WordPress Parameter button_text cross site scripting

Post correlati

CVE-2024-6996 | Google Chrome up to 126.0.6478.182 Frames Privilege Escalation

CVE-2024-31266 | AlgolPlus Advanced Order Export for WooCommerce Plugin up to 3.4.4 on WordPress code injection

CVE-2025-49028 | Zoho Mail Zoho ZeptoMail Plugin up to 3.3.1 on WordPress cross-site request forgery

CVE-2024-30645 | Tenda AC15V1.0 15.03.20_multi /goform/setUsbUnload doSystemCmd deviceName command injection