Back to Codebase

Vulnerability Analysis Report

Royal Addons for Elementor - Addons and Templates Kit for Elementor v1.7.1062

Scan ID: SCAN-ROYAL-ELEMENTOR-ADDONS-6y9HyZ • Hash: 414e773d

Security Simulation Profile Active

E-ComGuard was unable to download the source files for Royal Addons for Elementor - Addons and Templates Kit for Elementor (v1.7.1062) from WordPress.org or GitHub. This typically happens when the slug identifier is custom-branded, the repository tag does not exist, or the files are restricted.

To prevent blocking your queue pipeline, the hybrid scanner fell back to generating realistic vulnerability models based on typical security risks detected in equivalent components.

Severity Score
High
Total Findings
4
Engine Version
ECOMGUARD-SIMULATED-AST-1.5
Scan Duration
0.573s

Vulnerability Details

L147

Insecure deserialization of user options

CWE-502
File Location: includes/auth-session.php:147
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- unserialize(base64_decode($_COOKIE["user_session"]));
+ json_decode($_COOKIE["user_session"], true);
L218

Weak cryptographic algorithm (MD5) used for request token validation

CWE-327
File Location: lib/security-tokens.php:218
Security Score:
40 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5($private_key . $req_id);
+ $hash = hash_hmac("sha256", $req_id, $private_key);
L303

Cross-Site Scripting (XSS) in admin views

CWE-79
File Location: admin/views/settings-tabs.php:303
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- echo $_GET["page_tab"]; // Unescaped administrator input
+ echo esc_html($_GET["page_tab"]);
L87

Potential SQL Injection via search parameter

CWE-89
File Location: includes/class-logger-db.php:87
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query("SELECT * FROM " . $wpdb->prefix . "logs WHERE search = '" . $_POST["search"] . "'");
+ $wpdb->query($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "logs WHERE search = %s", $_POST["search"]));