38 matches found
EUVD-2026-43611
The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets
The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress News Kit Addons For Elementor plugin <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin News Kit Elementor Addons versions = 1.4.6...
CVE-2026-25416
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
CVE-2026-25416
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
CVE-2026-25416
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
CVE-2026-25416
CVE-2026-25416 is a Missing Authorization (Broken Access Control) vulnerability in WordPress plugin News Kit Addons for Elementor (News Kit Elementor Addons) <= 1.4.2. Affected component is the Elementor Addons News Kit plugin; root cause is incorrectly configured access control. CVSS 3.1 base...
WordPress plugin News Kit Elementor Addons 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-20739
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin News Kit Elementor Addons versions = 1.4.2...
EUVD-2025-9829
Malicious code in bioql PyPI...
EUVD-2024-52386
Malicious code in bioql PyPI...
EUVD-2025-21665
Malicious code in bioql PyPI...
CVE-2025-8446
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blazedemoimporterinstallplugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with...
CVE-2025-8446
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blazedemoimporterinstallplugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with...
CVE-2025-8446
CVE-2025-8446 concerns the Blaze Demo Importer plugin for WordPress (versions 1.0.12 or apply the vendor-provided fix, and validate that unauthorized plugin installations are disallowed.
PT-2025-37921
Name of the Vulnerable Software and Affected Versions: Blaze Demo Importer plugin for WordPress versions through 1.0.12 Description: The Blaze Demo Importer plugin for WordPress is susceptible to unauthorized limited plugin installation due to a missing capability check within the blaze demo...
WordPress News Kit Elementor Addons Missing Authorization Vulnerability
WordPress News Kit Elementor Addons is a visual page builder plugin designed for WordPress websites, mainly for creating news or blog sites. A lack of authorization vulnerability exists in WordPress News Kit Elementor Addons that stems from improperly configured access control, and no details of...