Review
Royal Addons
CVE published 2026-07-17
CVE-2026-13402
The Royal Addons for Elementor WordPress plugin before 1.7.1063 has a vulnerability allowing unauthenticated users to retrieve rendered HTML content of private or draft Elementor templates linked from non-public navigation menu items due to insufficient checks on post status and template references in one of its REST endpoints. This issue arises from the plugin's failure to properly validate the post stat [truncated]