Back to overview

CVE-2026-13402

Description
The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from non-public navigation menu items.

Metadata

CVE ID
CVE-2026-13402
State
PUBLISHED
Assigner
WPScan
Reserved
2026-06-26 08:45 UTC
Published
2026-07-17 06:00 UTC
Last updated
2026-07-17 06:00 UTC
Vendor / Product
Unknown / Royal Addons for Elementor
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Unknown Royal Addons for Elementor 0 < 1.7.1063
Weakness (CWE)
CWESourceDescription
cna CWE-200 Information Exposure
Back to overview