CVE-2025-54037 WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4...

CVE-2024-3063

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...

CVE-2025-32196

CVE-2025-32196: News Kit Elementor Addons (News Kit Elementor Addons) vulnerable to Stored XSS due to insufficient input handling; authenticated users (Contributor+) can exploit it. Affected versions include up to 1.3.1; patch status is Unpatched per Wordfence/related sources in connected documen...

CVE-2025-24595 WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS.This issue affects All Embed – Elementor Addons: from n/a through = 1.1.3...