CVE-2026-6504 — Cross-Site Scripting (XSS)
CVE-2026-6504 — The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated
What This Means For You
- If your environment is affected by CWE-79, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-6504 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Stored XSS in Royal Elementor Addons via title_tag parameter — CVE-2026-6504
title: Stored XSS in Royal Elementor Addons via title_tag parameter — CVE-2026-6504
id: scw-2026-05-14-ai-1
status: experimental
level: high
description: |
Detects attempts to exploit CVE-2026-6504 by identifying requests to the WordPress AJAX endpoint with the 'action=royal_elementor_ajax' parameter and a 'title_tag' parameter containing typical XSS script tags. This indicates a Stored XSS attack targeting the Royal Elementor Addons and Templates plugin.
author: SCW Feed Engine (AI-generated)
date: 2026-05-14
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-6504/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/wp-admin/admin-ajax.php'
cs-uri-query|contains:
- 'action=royal_elementor_ajax'
cs-uri-query|contains:
- 'title_tag='
selection_indicators:
cs-uri-query|contains:
- '<script>'
cs-uri-query|contains:
- '</script>'
condition: selection AND selection_indicators
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6504 | vulnerability | CVE-2026-6504 |
| CWE-79 | weakness | CWE-79 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 14, 2026 at 12:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-2347: Critical Authorization Bypass in Akilli E-Commerce Website
CVE-2026-2347 — Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website:...
CVE-2025-11024: Akilli E-Commerce Blind SQLi Critical Vulnerability
CVE-2025-11024 — Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows...
WordPress InfusedWoo Pro Plugin Vulnerable to Arbitrary File Read (CVE-2026-6514)
CVE-2026-6514 — The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit....