WP Royal Royal Elementor Addons: Vulnerability Allows Cross-Site Scripting
A cross-site scripting (XSS) vulnerability exists in WP Royal, a WordPress page builder extension known as Royal Elementor Addons. This vulnerability affects versions up to and including 1.7.1041. The issue could allow attackers to inject malicious scripts into web pages generated by the plugin. No CVSS score is provided for this vulnerability.
AI Analysis
Technical Summary
CVE-2026-40720 identifies a cross-site scripting vulnerability in WP Royal, a versatile and intuitive page builder extension for WordPress. The vulnerability affects all versions up to and including 1.7.1041. The Bundesamt für Sicherheit in der Informationstechnik published this advisory but did not provide a CVSS score or detailed technical exploitation information. No known exploits are reported in the wild. No patch or remediation details are provided in the source data.
Potential Impact
The vulnerability allows cross-site scripting attacks, which could enable attackers to execute arbitrary scripts in the context of affected websites using WP Royal versions up to 1.7.1041. This may lead to session hijacking, defacement, or other script-based attacks depending on the context of exploitation. No further impact details or exploitation reports are available.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or fix information is provided, users should monitor official channels from the Bundesamt für Sicherheit in der Informationstechnik or the WP Royal plugin maintainers for updates. Until a fix is available, consider disabling or restricting use of the affected plugin versions to mitigate risk.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_base
- CSAF Version: 2.0
- Publisher: Bundesamt für Sicherheit in der Informationstechnik
- Advisory ID: WID-SEC-W-2026-1644
- CVE Count: 1
- Additional CVEs: []
- CVSS Version: null
Threat ID: 6a343d48f198dc38c14eabae
Added to database: 6/18/2026, 6:47:36 PM
Last enriched: 6/18/2026, 6:51:23 PM
Last updated: 6/19/2026, 11:08:48 AM