Lucene search
K

38 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43611

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score0.00252EPSS
Exploits0References9
Cvelist
Cvelist
added yesterday18 views

CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00252EPSS
Exploits0References9
Patchstack
Patchstack
added 2 days ago5 views

WordPress News Kit Addons For Elementor plugin <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin News Kit Elementor Addons versions = 1.4.6...

6.4CVSS6.1AI score0.00252EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.7 views

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

4.3CVSS5.5AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.7 views

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

4.3CVSS0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.3 views

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

5.5AI score0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.30 views

CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

4.3CVSS0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.5 views

CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

4.3CVSS5.5AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.14 views

CVE-2026-25416

CVE-2026-25416 is a Missing Authorization (Broken Access Control) vulnerability in WordPress plugin News Kit Addons for Elementor (News Kit Elementor Addons) &lt;= 1.4.2. Affected component is the Elementor Addons News Kit plugin; root cause is incorrectly configured access control. CVSS 3.1 base...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin News Kit Elementor Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20739

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

5.5AI score0.00185EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/28 11:26 a.m.7 views

WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin News Kit Elementor Addons versions = 1.4.2...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-9829

Malicious code in bioql PyPI...

6.5CVSS7.3AI score0.00367EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-52386

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00299EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-21665

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/18 11:23 a.m.5 views

CVE-2025-8446

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blazedemoimporterinstallplugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with...

4.3CVSS5AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2025/09/16 12:15 p.m.5 views

CVE-2025-8446

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blazedemoimporterinstallplugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with...

4.3CVSS0.00219EPSS
Exploits0References3
CVE
CVE
added 2025/09/16 11:17 a.m.13 views

CVE-2025-8446

CVE-2025-8446 concerns the Blaze Demo Importer plugin for WordPress (versions 1.0.12 or apply the vendor-provided fix, and validate that unauthorized plugin installations are disallowed.

4.3CVSS4.7AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.7 views

PT-2025-37921

Name of the Vulnerable Software and Affected Versions: Blaze Demo Importer plugin for WordPress versions through 1.0.12 Description: The Blaze Demo Importer plugin for WordPress is susceptible to unauthorized limited plugin installation due to a missing capability check within the blaze demo...

4.3CVSS5.7AI score0.00219EPSS
Exploits0References6
CNVD
CNVD
added 2025/07/23 12:0 a.m.2 views

WordPress News Kit Elementor Addons Missing Authorization Vulnerability

WordPress News Kit Elementor Addons is a visual page builder plugin designed for WordPress websites, mainly for creating news or blog sites. A lack of authorization vulnerability exists in WordPress News Kit Elementor Addons that stems from improperly configured access control, and no details of...

5.4CVSS6.9AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder