CVE-2026-13402
Received Received - Intake

Unauthenticated Template Content Exposure in Royal Addons for Elementor

Vulnerability report for CVE-2026-13402, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: WPScan

Description

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from non-public navigation menu items.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
royal_addons royal_addons_for_elementor to 1.7.1063 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Royal Addons for Elementor WordPress plugin before version 1.7.1063 allows unauthenticated users to access private or draft Elementor templates linked to non-public navigation menu items. It occurs because a REST endpoint does not check the post status of menu items or templates, enabling disclosure of sensitive HTML content.

Detection Guidance

Check if the Royal Addons for Elementor plugin version is below 1.7.1063. Use WordPress commands like 'wp plugin list' or inspect the plugin files for version details. Test the vulnerable REST endpoint by sending a request to '/wp-json/royal-elementor/v1/get_template_html' with a menu item ID parameter to see if it returns private template content.

  • Use curl to test the endpoint: curl -X POST 'https://example.com/wp-json/royal-elementor/v1/get_template_html?menu_item_id=123' where 123 is a menu item ID.
Impact Analysis

An attacker could exploit this to retrieve restricted content such as draft pages or private templates, potentially exposing sensitive information. This could lead to data leaks or unauthorized access to unpublished content on a WordPress site.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data, which may violate compliance requirements under GDPR or HIPAA if personal or protected health information is exposed. Organizations must ensure proper access controls to maintain regulatory compliance.

Mitigation Strategies

Update the Royal Addons for Elementor plugin to version 1.7.1063 or later immediately. If an update is not available, consider disabling the plugin temporarily until a patch is released. Review and restrict access to sensitive templates and menu items.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13402. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart