LeakyCreds

CVE-2025-13067 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 11, 2026

Royal Addons for Elementor - Unrestricted File Upload

Published: March 11, 2026 | Updated: March 11, 2026 | Remote Exploitable

Overview

The Royal Addons for Elementor WordPress plugin, versions <= 1.7.1049, contains an unrestricted file upload vulnerability. Insufficient file type validation allows files named main.php to bypass sanitization, so authenticated authors can upload arbitrary files, potentially leading to remote code execution.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 9.9% (Probability of exploitation in next 30 days)

Impact

Authenticated authors can upload arbitrary files, potentially leading to remote code execution and full server compromise.

Mitigation

Update the plugin to the latest version, later than 1.7.1049.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 11, 2026

🟠 CVE-2025-13067 - High (8.8) The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13067/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2025-13067
Severity: High
CVSS Score: 8.8
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 9.9%
Social Posts: 1

CWE

  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

9.9% (Probability of exploitation in the next 30 days)