
6426 matches found

Vulnrichment
added 2026/01/06 4:36 p.m., 5 views

CVE-2025-69336 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.9.4...

AI score: 6.6, EPSS: 0.00162
Exploits: 0, References: 1

CVE
added 2026/01/06 4:36 p.m., 12 views

CVE-2025-69336

Publicly available documents provided do not contain technical details for CVE-2025-69336 (affected product, root cause, impact, or fix). Monitor for updates from additional sources.

CVSS: 4.3, AI score: 6.6, EPSS: 0.00162
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/01/06 1:29 p.m., 8 views

Malicious code in shopify-perf-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8ab5bcfbfadc319f33cd1364bdbef1f7517fe3c502f9617bc77391014296a2 The package shopify-perf-kit was found to contain malicious code. Source: ghsa-malware b815f7df6ccc90c9082b80e772505706c55a58e7e187d18b01ff56e6524e57...

AI score: 6.9
Exploits: 0, References: 1

EUVD
added 2026/01/06 1:29 p.m., 5 views

EUVD-2026-1111

Malicious code in shopify-perf-kit npm...

AI score: 6.6
Exploits: 0, References: 1

OSV
added 2026/01/06 1:29 p.m., 6 views

MAL-2026-94 Malicious code in shopify-perf-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8ab5bcfbfadc319f33cd1364bdbef1f7517fe3c502f9617bc77391014296a2 The package shopify-perf-kit was found to contain malicious code. Source: ghsa-malware b815f7df6ccc90c9082b80e772505706c55a58e7e187d18b01ff56e6524e57...

AI score: 6.8
Exploits: 0, References: 1

Snyk
added 2026/01/06 3:37 a.m., 1 view

Malicious Package

Overview ugc-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 2

Positive Technologies
added 2026/01/06 12:0 a.m., 5 views

PT-2026-1471

Name of the Vulnerable Software and Affected Versions bdthemes Ultimate Store Kit Elementor Addons versions through 2.9.4 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for potential exploitation...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00162
Exploits: 0, References: 4

Positive Technologies
added 2026/01/06 12:0 a.m., 7 views

PT-2026-1409

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain issues including an Out-of-bounds Read, Use of Out-of-range Pointer Offset,...

CVSS: 6.1, AI score: 6.6, EPSS: 0.0016
Exploits: 1, References: 6

CNNVD
added 2026/01/06 12:0 a.m., 3 views

WordPress plugin Ultimate Store Kit Elementor Addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00162
Exploits: 0, References: 1

Chainguard
added 2026/01/05 7:17 p.m., 10 views

CVE-2025-57275 vulnerabilities

Vulnerabilities for packages: longhorn-spdk...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00305
Exploits: 0

GithubExploit
added 2026/01/05 6:45 p.m., 197 views

Exploit for Incorrect Implementation of Authentication Algorithm in Wpdirectorykit Wp_Directory_Kit

CVE-2025-13390 WP Directory Kit = 1.4.4 - Authentication B...

CVSS: 10, AI score: 7.3, EPSS: 0.0472
Exploits: 3

Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-34086

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26 Oracle GraalVM for JDK versions 17.0.18, 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the Libraries component allo...

CVSS: 3.7, AI score: 7.7, EPSS: 0.00269
Exploits: 0, References: 171

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-20367

Name of the Vulnerable Software and Affected Versions libp11-kit versions prior to 0.26.2-1.1 Description The software contains a NULL dereference issue occurring via the C DeriveKey function when provided with specific NULL parameters. Recommendations Update to libp11-kit version 0.26.2-1.1 or...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01129
Exploits: 0, References: 30

Patchstack
added 2025/12/31 7:23 a.m., 4 views

WordPress Ultimate Post Kit plugin < 4.0.16 - Unauthenticated Arbitrary Post Content Disclosure vulnerability

Unauthenticated Arbitrary Post Content Disclosure vulnerability discovered by Drtime in WordPress Plugin Ultimate Post Kit versions < 4.0.16...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00245
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2025/12/31 6:15 a.m., 5 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

CVSS: 5.3, EPSS: 0.00245
Exploits: 0, References: 1

Cvelist
added 2025/12/31 6:0 a.m., 29 views

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

EPSS: 0.00245
Exploits: 0, References: 1

CVE
added 2025/12/31 6:0 a.m., 16 views

CVE-2025-14434

CVE-2025-14434 affects the WordPress plugin “Ultimate Post Kit Addons for Elementor” (versions prior to 4.0.16). The issue arises from multiple AJAX endpoints (e.g., loadmore posts) that do not verify whether targeted posts are published, enabling an unauthenticated attacker to query arbitrary po...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00245
Exploits: 0, References: 1

Vulnrichment
added 2025/12/31 6:0 a.m., 4 views

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

AI score: 6.5, EPSS: 0.00245
Exploits: 0, References: 1

Patchstack
added 2025/12/31 12:0 a.m., 6 views

WordPress ElementsKit Elementor Addons and Templates plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability discovered by Hardik Raval in WordPress Plugin ElementsKit Elementor addons Lite versions <= 3.5.2...

CVSS: 6.4, AI score: 5.3, EPSS: 0.00249
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m., 6 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget vulnerability discovered by Webbernaut in WordPress Plugin LA-Studio Element Kit for Elementor versions <= 1.4.9...

CVSS: 6.4, AI score: 5.9, EPSS: 0.00343
Exploits: 0, References: 1, Affected Software: 1