CVE-2026-28135

NONE EPSS 0.06%

Mar 05, 2026

Updated Mar 05, 2026

Inclusion

Parameter	Value
Type	CWE-829 (Inclusion of Functionality from Untrusted Source)
Vendor	Inclusion
Public PoC	No

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1049.

Weakness Type (CWE)

CWE-829 Inclusion of Functionality from Untrusted Source

References 1

https://patchstack.com/database/Wordpress/Plugin/royal-elementor-addons/vulnera…

audit@patchstack.com

Share Post Share Share Share

CVE Details

CVE ID

CVE-2026-28135

Published Date

Mar 05, 2026

Vendor

Inclusion

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.06%

Likelihood of exploitation in next 30 days

Percentile: 17.8th percentile (higher than 17.8% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-28135

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-28135

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity