CVE-2026-8118 | The Royal Addons for Elementor – Addons and Templates Kit fo… | CVSS 6.5 MEDIUM

Description

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wpr_get_csv_handle() helper (introduced in version 1.7.1058 as part of the patch for CVE-2026-6229) falling back to is_readable() and fopen($source, 'r') on the attacker-controlled settings.table_upload_csv.url value when it does not parse as an HTTP URL, with no allow-list, traversal block, or extension check. This makes it possible for authenticated attackers, with Contributor-level access and above, to save a crafted wpr-data-table widget through Elementor's save_builder endpoint and have the rendered preview return the line-by-line contents of any file readable by the PHP process, including wp-config.php.

Metadata

CVE ID: CVE-2026-8118
State: PUBLISHED
Assigner: Wordfence
Reserved: 2026-05-07 16:50 UTC
Published: 2026-06-19 04:31 UTC
Last updated: 2026-06-19 04:31 UTC
Primary CWE: CWE-73
CWE-73 External Control of File Name or Path
Vendor / Product: wproyal / Royal Addons for Elementor – Addons and Templates Kit for Elementor
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products (1)

Vendor	Product	Platform	Versions
wproyal	Royal Addons for Elementor – Addons and Templates Kit for Elementor	—	1.7.1058 ≤ 1.7.1059

Weakness (CWE)

CWE	Source	Description
CWE-73	cna	CWE-73 External Control of File Name or Path

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (2)