We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2025-11363

CVE-2025-11363

WordPress

Severity: MEDIUM
CVSS: 5.3CVSS
Published: 2025-12-15
Last modified: 2025-12-15
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr_addons_upload_file action.

References

https://wpscan.com/vulnerability/b2eadb7a-30a4-44c7-a420-849484faccf4/

Summary

Description

References