CVE-2026-2284

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'necleandata' AJAX action. This makes it possible for authenticated attackers,...

WordPress plugin News Element Elementor Blog Magazine 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20640

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne clean data' AJAX action. This makes it possible for authenticated attackers...

WordPress News Element Elementor Blog Magazine plugin <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability

Missing Authorization to Authenticated Subscriber+ Data Loss vulnerability discovered by Legion Hunter in WordPress Plugin News Element Elementor Blog Magazine versions = 1.0.8...

EUVD-2025-9823

Malicious code in bioql PyPI...

CVE-2025-32191

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon News Element Elementor Blog Magazine news-element allows DOM-Based XSS.This issue affects News Element Elementor Blog Magazine: from n/a through = 1.0.9...

CVE-2025-32191 WordPress News Element Elementor Blog Magazine plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon News Element Elementor Blog Magazine news-element allows DOM-Based XSS.This issue affects News Element Elementor Blog Magazine: from n/a through = 1.0.9...

PT-2025-14973 · Unknown · Webangon News Element Elementor Blog Magazine

Name of the Vulnerable Software and Affected Versions: webangon News Element Elementor Blog Magazine versions 1.0.0 through 1.0.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This...

CVE-2024-6459

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2024-6459 News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...