CVE-2025-1441: 
WordPress vulnerability analysis and mitigation

The Royal Elementor Addons and Templates plugin for WordPress was found to contain a Cross-Site Request Forgery (CSRF) vulnerability, identified as CVE-2025-1441. The vulnerability affects all versions up to and including 1.7.1007, and was disclosed on February 19, 2025. The security flaw stems from missing or incorrect nonce validation in the 'wprfilterwoo_products' function (NVD).

The vulnerability received a CVSS v3.1 score of 8.8 (HIGH), indicating its significant severity. The issue specifically relates to improper implementation of security controls in the 'wprfilterwoo_products' function, where nonce validation is either missing or incorrectly implemented. This security weakness exists in the plugin's core functionality for handling WooCommerce product filtering (NVD).

The vulnerability allows unauthenticated attackers to inject malicious web scripts through forged requests. The attack can be successful if an attacker manages to trick a site administrator into performing specific actions, such as clicking on a malicious link. This creates a significant security risk for WordPress sites using the affected plugin versions (NVD).

Website administrators running the Royal Elementor Addons and Templates plugin should immediately update their installations to a version newer than 1.7.1007, which contains the security fix. Until an update can be applied, it is recommended to exercise caution when clicking on links while logged in as an administrator (NVD).