The Royal Elementor Addons plugin for WordPress contains an SSRF vulnerability (CWE-918) in the render_csv_data() function due to insufficient validation of user-supplied URLs. Authenticated attackers with Contributor-level access or higher can exploit this by crafting URLs that include 'docs.google.com/spreadsheets' in query parameters, bypassing validation checks. These URLs are then used in fopen() calls without restrictions on internal or private network addresses, enabling attackers to make arbitrary requests to internal services and potentially retrieve sensitive data. The vulnerability affects versions up to and including 1.7.1057. No patch or official remediation has been disclosed as of the published date.

An attacker with Contributor-level or higher privileges can exploit this SSRF vulnerability to make arbitrary HTTP requests from the server hosting the plugin. This can lead to unauthorized access to internal network resources and sensitive information disclosure. The vulnerability does not directly allow remote code execution or denial of service but poses a significant risk due to potential internal data exposure. The CVSS score of 7.2 reflects a high severity impact with low attack complexity and no user interaction required beyond authentication.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, limit Contributor-level access to trusted users only and monitor for suspicious activity related to URL inputs in the affected plugin. Consider disabling or removing the Royal Elementor Addons plugin if possible to mitigate risk.