PatchSiren

CVE-2026-40720 Royal Elementor Addons CVE debrief

CVE-2026-40720 is a high-severity unauthenticated cross-site scripting (XSS) vulnerability in Royal Elementor Addons Pro, affecting versions before 1.7.1041. It carries a CVSS v3.1 base score of 7.1 (HIGH). An unauthenticated attacker can inject script that executes in the browser of a user who views an affected page; because exploitation requires user interaction (UI:R in the CVSS vector), a victim first has to be lured into opening an attacker-supplied link or page. The CVE was published on June 17, 2026 and last modified the same day. Sites running an affected version should update to 1.7.1041 or later. Patchstack reported the vulnerability; the vendor and product names in this debrief are taken from that report and have not been independently confirmed. No ransomware campaigns are known to use this vulnerability.

Vendor
Royal Elementor Addons
Product
Royal Elementor Addons Pro
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators of WordPress sites running Royal Elementor Addons Pro before 1.7.1041 should update as a priority. Web application security teams should inventory every installation (production, staging and development), confirm the installed plugin version rather than relying on update notices, and patch each copy that is below 1.7.1041. Premium plugins typically receive updates through the vendor's own licensed update channel instead of wordpress.org, so verify that the update actually applied on each site.
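To find out which sites are actually in scope, the version strings have to be compared numerically: the build number in 1.7.1041 has four digits, so a plain string comparison ranks 1.7.999 above it and would wrongly clear a vulnerable site. The following triage script is an added example for this debrief, not tooling from PatchSiren, Patchstack or the plugin vendor. It parses the JSON that `wp plugin list --format=json` emits; the inventory records are constructed for the example, and the Pro package's plugin directory slug (`royal-elementor-addons-pro`) is an assumption that should be checked against `wp-content/plugins` on a real site.

```python
import json
import re

FIXED_VERSION = "1.7.1041"
# Plugin directory slugs to look for. The free plugin on wordpress.org is
# "royal-elementor-addons"; the slug the Pro package installs under is an
# ASSUMPTION here and must be checked against the site's wp-content/plugins.
PRO_SLUGS = {"royal-elementor-addons-pro"}

# Constructed sample of `wp plugin list --format=json` output from three
# sites. These records are made up for the example, not real inventory.
SAMPLE_INVENTORY = {
    "shop.example": json.dumps([
        {"name": "royal-elementor-addons-pro", "status": "active", "update": "available", "version": "1.7.999"},
        {"name": "elementor", "status": "active", "update": "none", "version": "3.25.0"},
    ]),
    "blog.example": json.dumps([
        {"name": "royal-elementor-addons-pro", "status": "active", "update": "none", "version": "1.7.1041"},
    ]),
    "staging.example": json.dumps([
        {"name": "royal-elementor-addons-pro", "status": "inactive", "update": "available", "version": "1.7.1040"},
        {"name": "royal-elementor-addons", "status": "active", "update": "none", "version": "1.7.1040"},
    ]),
}


def parse_version(version):
    """Turn '1.7.1041' into (1, 7, 1041) so each component compares as an integer.

    Plain string comparison gets this wrong: '1.7.999' > '1.7.1041' as text,
    but 999 < 1041 as a build number. Non-numeric suffixes are ignored.
    """
    return tuple(int(n) for n in re.findall(r"\d+", version))


def is_affected(version, fixed=FIXED_VERSION):
    """True when the installed version is strictly below the fixed release."""
    return parse_version(version) < parse_version(fixed)


def affected_installs(inventory, slugs=PRO_SLUGS):
    """Return (site, slug, version, status) for every plugin copy still below the fix.

    Inactive copies are reported too: the old code is still on disk and the
    plugin may be re-activated later, so update it along with the active ones.
    """
    hits = []
    for site, raw in inventory.items():
        for plugin in json.loads(raw):
            if plugin["name"] in slugs and is_affected(plugin["version"]):
                hits.append((site, plugin["name"], plugin["version"], plugin["status"]))
    return hits


if __name__ == "__main__":
    for site, slug, version, status in affected_installs(SAMPLE_INVENTORY):
        print(f"{site}: {slug} {version} ({status}) is below {FIXED_VERSION}")
        # wp-cli can apply the fix once the site's licensed update channel works:
        print(f"  wp plugin update {slug}   # run with --path pointing at {site}")
```

In a real deployment, feed the function with the output of `wp plugin list --format=json` collected from each site (for example over SSH) and re-run it after patching; a site should only drop out of the list once `wp plugin get <slug> --field=version` reports 1.7.1041 or higher.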

Technical summary

CVE-2026-40720 is an unauthenticated cross-site scripting (XSS) vulnerability in Royal Elementor Addons Pro, classified as CWE-79 (improper neutralization of input during web page generation). The CVSS v3.1 base score is 7.1, with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L: the flaw is reachable over the network (AV:N) with low attack complexity (AC:L) and without any privileges (PR:N), but a victim has to interact (UI:R), typically by opening a crafted link. Scope is changed (S:C) because the injected script runs in the victim's browser, outside the vulnerable plugin's own security boundary, with low impact on confidentiality, integrity and availability (C:L/I:L/A:L). As with any XSS, the realistic impact depends on who is targeted: script running in a logged-in administrator's browser acts with that administrator's privileges.

Defensive priority

High

Recommended defensive actions

  • Update Royal Elementor Addons Pro to version 1.7.1041 or later on every site that runs it, and verify the installed version afterwards instead of trusting an update notice.
  • Inventory installations (hosting panels, wp-cli, site scanners) so that no vulnerable copy is missed, including staging and development sites.
  • Add defence in depth against XSS: a Content-Security-Policy that disallows inline script, and HttpOnly and SameSite attributes on session cookies, so that a successful injection has less to steal.
  • Monitor web server and application logs for requests carrying script-like payloads (URL-encoded `<script`, `onerror=`, `javascript:` and the like) and alert on them.
  • Consider a web application firewall (WAF) with XSS rules as a temporary compensating control while patching; it reduces exposure but does not remove it, since encoding variations can evade signatures.
  • Keep WordPress core, themes and all plugins on a regular update cadence.
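The log-monitoring action above is easiest to act on with a small scanner. The example below is added for this debrief and is not part of the original advisory or of any vendor product: it parses combined-format access log lines, URL-decodes the request path repeatedly so that double-encoded payloads are seen, and matches generic XSS indicators. The indicators are general XSS heuristics, not a signature for CVE-2026-40720, because the advisory does not publish the vulnerable parameter; the log lines, client addresses (RFC 5737 documentation ranges) and query parameter names are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Apache/Nginx "combined" access log line: client, timestamp, request line, status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Indicators of script injection in a decoded request path. Generic XSS
# heuristics, not a signature for CVE-2026-40720 (its parameter is not public).
INDICATORS = {
    "script tag": re.compile(r"<\s*script", re.I),
    "event handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript uri": re.compile(r"javascript\s*:", re.I),
    "html injection": re.compile(r"<\s*(img|svg|iframe|body|object|embed)\b", re.I),
    "cookie access": re.compile(r"document\.cookie", re.I),
    "alert call": re.compile(r"\balert\s*\(", re.I),
}

# Constructed sample: two ordinary requests and two injection attempts, the
# second of them double-encoded. Addresses and parameter names are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jun/2026:10:15:02 +0000] "GET /?s=elementor+addons HTTP/1.1" 200 5123
198.51.100.23 - - [17/Jun/2026:10:16:41 +0000] "GET /?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4871
198.51.100.23 - - [17/Jun/2026:10:16:59 +0000] "GET /page/?x=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4871
203.0.113.9 - - [17/Jun/2026:10:18:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""


def decode_fully(text, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) are seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(path):
    """Return the names of the indicators matched by a request path after decoding."""
    decoded = decode_fully(path)
    return [name for name, rx in INDICATORS.items() if rx.search(decoded)]


def scan(log_text):
    """Return one finding per log line whose request path carries XSS indicators."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a production pipeline should count these
        hits = classify(m["path"])
        if hits:
            findings.append({
                "ip": m["ip"],
                "time": m["time"],
                "path": decode_fully(m["path"]),
                "indicators": hits,
            })
    return findings


def by_client(findings):
    """Count findings per client address, a simple basis for an alert threshold."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f["time"], f["ip"], f["path"], "->", ", ".join(f["indicators"]))
    print("per client:", by_client(results))
```

Note what the scanner cannot see: a reflected payload delivered in a POST body or in a request the server answered from cache leaves nothing in the request line, so treat this as one signal among several and pair it with the WAF logs and the plugin's own update status. A 200 response to a request like the decoded ones above is worth investigating on its own, since the page was served rather than rejected.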

Evidence notes

The vulnerability was reported by Patchstack and is published in the NVD; the CVE record and the NVD detail page provide additional information. The vendor and product names used in this debrief follow those records and have not been independently confirmed. The vulnerability is tracked as CVE-2026-40720.
