WordPress King Addons for Elementor plugin <= 51.1.49 - Unauthenticated API Keys Disclosure vulnerability

Unauthenticated API Keys Disclosure vulnerability discovered by Ulyses Saicha in WordPress Plugin King Addons for Elementor versions = 51.1.49...

CVE-2025-13997

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. - Install the plugin and set the API creds to: - Key:...

WordPress Clerk plugin <= 3.8.2 - Auth. Bypass and API Keys Disclosure vulnerability

Auth. Bypass and API Keys Disclosure vulnerability discovered by Francesco Carlucci in the WordPress Clerk plugin versions = 3.8.2. Solution Update the WordPress Clerk plugin to the latest available version at least 4.0...

CVE-2022-23653

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...