Lucene search
K

47 matches found

EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-42520

The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS6AI score
Exploits0References8
CVE
CVE
added 6 hours ago6 views

CVE-2026-13253

Affected software. Ultimate Post plugin for WordPress (up to version 5.0.31). Vulnerability. Stored Cross-Site Scripting via the 'moreResultsText' attribute of the ultimate-post/advanced-search block. Root cause. Advanced_Search::content() concatenates the attribute value into an HTML attribute a...

6.4CVSS6AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.4 views

CVE-2026-24362

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15557

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

5.8AI score0.00245EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-24362

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

6.4CVSS0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.28 views

CVE-2026-24362 WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

6.4CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-24362 WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

6.4CVSS5.9AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.7 views

CVE-2026-24362

CVE-2026-24362 is a concrete, vendor-confirmed vulnerability affecting Ultimate Post Kit Addons for Elementor (bdthemes Ultimate Post Kit)

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin Ultimate Post Kit 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-27849

Name of the Vulnerable Software and Affected Versions bdthemes Ultimate Post Kit versions through 4.0.21 Description An authorization issue exists in bdthemes Ultimate Post Kit, allowing exploitation due to incorrectly configured access control security levels. The issue impacts the...

6.4CVSS5.9AI score0.00245EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/18 1:6 p.m.6 views

WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Ultimate Post Kit versions = 4.0.21...

6.4CVSS5.8AI score0.00245EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.13 views

CVE-2025-69313

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 5.0.3...

7.5CVSS5.4AI score0.00287EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 7:23 a.m.5 views

WordPress Ultimate Post Kit plugin < 4.0.16 - Unauthenticated Arbitrary Post Content Disclosure vulnerability

Unauthenticated Arbitrary Post Content Disclosure vulnerability discovered by Drtime in WordPress Plugin Ultimate Post Kit versions 4.0.16...

5.3CVSS6.8AI score0.00245EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/31 6:15 a.m.5 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

5.3CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 6:0 a.m.5 views

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

6.5AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 6:0 a.m.18 views

CVE-2025-14434

CVE-2025-14434 affects the WordPress plugin “Ultimate Post Kit Addons for Elementor” (versions prior to 4.0.16). The issue arises from multiple AJAX endpoints (e.g., loadmore posts) that do not verify whether targeted posts are published, enabling an unauthenticated attacker to query arbitrary po...

5.3CVSS6.5AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 6:0 a.m.31 views

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.5 views

WordPress plugin Ultimate Post Kit Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/24 3:30 p.m.4 views

EUVD-2025-205230

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through = 5.0.3...

7.5CVSS6.4AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2025/12/24 1:16 p.m.9 views

CVE-2025-68606

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through = 5.0.3...

5.3CVSS0.00201EPSS
Exploits0References1
Rows per page
Query Builder