PatchSiren

Royal Addons CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review Royal Addons CVE published 2026-07-17

CVE-2026-13402

The Royal Addons for Elementor WordPress plugin before 1.7.1063 has a vulnerability allowing unauthenticated users to retrieve rendered HTML content of private or draft Elementor templates linked from non-public navigation menu items due to insufficient checks on post status and template references in one of its REST endpoints. This issue arises from the plugin's failure to properly validate the post stat [truncated]