Description
The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the render_csv_data() function, which can be bypassed by including 'docs.google.com/spreadsheets' in a query parameter, and the subsequent use of these URLs in fopen() calls without blocking internal or private network addresses. This makes it possible for authenticated attackers, with Contributor-level access and above, to make requests to arbitrary URLs and retrieve sensitive information from internal services.
Published: 2026-05-02
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Royal Elementor Addons plugin for WordPress is vulnerable to Server‑Side Request Forgery (SSRF) in versions up to 1.7.1057. Inadequate validation of user‑supplied URLs in the render_csv_data() function lets attackers inject URLs such as those pointing to Google Sheets. The plugin then uses these URLs directly in fopen() calls without preventing internal or private network addresses from being contacted, enabling an authenticated user with Contributor level or higher to make arbitrary HTTP requests and retrieve sensitive information from internal services.

Affected Systems

Affected systems are WordPress sites running the Royal Elementor Addons – Addons and Templates Kit for Elementor plugin in any version 1.7.1057 or earlier. Sites that have not applied the latest patch from the Royal Addons maintainers remain vulnerable.

Risk and Exploitability

The CVSS score of 7.2 indicates high impact, and while the EPSS score is not available the vulnerability can be actively exploited by authenticated users with Contributor level or higher. The lack of a CISA KEV listing means no public exploit kit is confirmed, but the weakness can still be leveraged through credential compromise or internal phishing. Administrators should treat this as a high‑priority patching issue, especially for sites where contributor access is broadly distributed.

Generated by OpenCVE AI on May 2, 2026 at 09:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Royal Elementor Addons plugin to the latest version that contains the SSRF fix.
  • Review and restrict Contributor‑level permissions to only trusted accounts.
  • Implement network‑level controls, such as a firewall or DNS rule, to block outbound connections to internal or private IP ranges from the web server.

Generated by OpenCVE AI on May 2, 2026 at 09:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wproyal
Wproyal royal Addons For Elementor – Addons And Templates Kit For Elementor
Vendors & Products Wordpress
Wordpress wordpress
Wproyal
Wproyal royal Addons For Elementor – Addons And Templates Kit For Elementor

Sat, 02 May 2026 08:00:00 +0000

Type Values Removed Values Added
Description The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the render_csv_data() function, which can be bypassed by including 'docs.google.com/spreadsheets' in a query parameter, and the subsequent use of these URLs in fopen() calls without blocking internal or private network addresses. This makes it possible for authenticated attackers, with Contributor-level access and above, to make requests to arbitrary URLs and retrieve sensitive information from internal services.
Title Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}

Subscriptions

Wordpress Wordpress
Wproyal Royal Addons For Elementor – Addons And Templates Kit For Elementor
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-05-02T07:46:41.839Z

Reserved: 2026-04-13T14:20:48.540Z

Link: CVE-2026-6229

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-02T08:16:27.477

Modified: 2026-05-02T08:16:27.477

Link: CVE-2026-6229

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T10:00:06Z

Weaknesses