CVE-2024-1567: CWE-434 Unrestricted Upload of File with Dangerous Type in wproyal Royal Addons for Elementor – Addons and Templates Kit for Elementor
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.
AI Analysis
Technical Summary
CVE-2024-1567 is a CWE-434 vulnerability in the Royal Addons for Elementor – Addons and Templates Kit for Elementor WordPress plugin. The issue arises from insufficient validation of uploaded file types in the 'file_validity' function, allowing unauthenticated attackers to upload potentially dangerous files like .svgz. This can lead to cross-site scripting or remote code execution on the affected web server. The vulnerability affects all versions up to and including 1.3.94. No patch or official fix information is currently provided.
Potential Impact
Successful exploitation allows unauthenticated attackers to upload files with dangerous types, potentially leading to cross-site scripting or remote code execution on the affected WordPress site. This can compromise site integrity and user data confidentiality. The CVSS score of 8.2 reflects a high impact on confidentiality and integrity with no required privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict file upload permissions and consider disabling or limiting the use of the affected plugin. Monitor for updates from the vendor wproyal regarding patches or official mitigations.
CVE-2024-1567: CWE-434 Unrestricted Upload of File with Dangerous Type in wproyal Royal Addons for Elementor – Addons and Templates Kit for Elementor
Description
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-1567 is a CWE-434 vulnerability in the Royal Addons for Elementor – Addons and Templates Kit for Elementor WordPress plugin. The issue arises from insufficient validation of uploaded file types in the 'file_validity' function, allowing unauthenticated attackers to upload potentially dangerous files like .svgz. This can lead to cross-site scripting or remote code execution on the affected web server. The vulnerability affects all versions up to and including 1.3.94. No patch or official fix information is currently provided.
Potential Impact
Successful exploitation allows unauthenticated attackers to upload files with dangerous types, potentially leading to cross-site scripting or remote code execution on the affected WordPress site. This can compromise site integrity and user data confidentiality. The CVSS score of 8.2 reflects a high impact on confidentiality and integrity with no required privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict file upload permissions and consider disabling or limiting the use of the affected plugin. Monitor for updates from the vendor wproyal regarding patches or official mitigations.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-02-15T20:15:56.171Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6d35b7ef31ef0b56efd7
Added to database: 2/25/2026, 9:44:21 PM
Last enriched: 4/9/2026, 1:42:13 PM
Last updated: 4/12/2026, 1:34:48 PM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.