9 matches found
CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
EUVD-2025-21665
Malicious code in bioql PyPI...
EUVD-2025-9829
Malicious code in bioql PyPI...
CVE-2025-8446
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blazedemoimporterinstallplugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with...
PT-2025-37921
Name of the Vulnerable Software and Affected Versions: Blaze Demo Importer plugin for WordPress versions through 1.0.12 Description: The Blaze Demo Importer plugin for WordPress is susceptible to unauthorized limited plugin installation due to a missing capability check within the blaze demo...
CVE-2025-54037
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.3.4...
CVE-2025-32196
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
CVE-2025-32196
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...
CVE-2024-9541 News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access...