CVE-2025-11363 - Vulnerability Details

The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr_addons_upload_file action.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://wpscan.com/vulnerability/b2eadb7a-30a4-44c7-a420-849484faccf4/

History

Mon, 15 Dec 2025 06:15:00 +0000

Type	Values Removed	Values Added
Description		The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr_addons_upload_file action.
Title		Royal Elementor Addons and Templates < 1.7.1037 - Unauthenticated Media File Upload
References		https://wpscan.com/vulnerability/b2eadb7a-30a4-44c7-a420-849484faccf4/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2025-12-15T06:00:03.088Z

Updated: 2025-12-15T06:00:03.088Z

Reserved: 2025-10-06T12:38:04.177Z

Link: CVE-2025-11363

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-15T06:15:42.383

Modified: 2025-12-15T06:15:42.383

Link: CVE-2025-11363

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object