CVE-2026-24386

Missing Authorization vulnerability in Element Invader Element Invader - Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader - Template Kits for Elementor: from n/a through = 1.2.4...

CVE-2026-24386 WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Element Invader Element Invader Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader Template Kits for Elementor: from n/a through = 1.2.4...

CVE-2026-24386 WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through = 1.2.4...

CVE-2026-24386

CVE-2026-24386 describes a Missing Authorization vulnerability in the WordPress plugin “Element Invader – Template Kits for Elementor” (versions n/a through 1.2.4). The root cause is incorrectly configured access control, enabling unauthorized access to protected actions/files within elementinvad...

CVE-2025-31413 WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

CVE-2025-31413 WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

CVE-2025-31413

CVE-2025-31413 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin family Element Pack Elementor Addons. Affected component: Element Pack Addons for Elementor (bdthemes-element-pack-lite) with versions up to and including 8.3.13. Root cause: CSRF exposure allows an...

CVE-2025-31413

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

Server-Side Request Forgery (SSRF)

Chainlit is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to fetching attacker-controlled URLs during element updates, where the SQLAlchemy data layer performs outbound HTTP GET requests on user-supplied url values, allowing authenticated attackers to access internal...

CVE-2026-0920

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajaxregisterhandle' function not restricting what user roles a user can register with. This makes it possible for...

CVE-2026-0920

CVE-2026-0920 affects the WordPress plugin “LA-Studio Element Kit for Elementor” (≤ 1.5.6.3). The root cause is a missing role restriction in the AJAX registration handler (ajax_register_handle), which lets unauthenticated users supply the lakit_bkrole parameter and create an administrator accoun...

Azure Linux 3.0 Security Update: kernel (CVE-2024-27012)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27012 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: restore set element...

PT-2026-3959

Name of the Vulnerable Software and Affected Versions Element Pack Elementor Addons versions through 8.3.13 Description A Cross-Site Request Forgery CSRF issue exists in Element Pack Elementor Addons. This allows attackers to perform actions on behalf of authenticated users. Recommendations Updat...

WordPress plugin LA-Studio Element Kit for Elementor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

WordPress plugin bdthemes-element-pack-lite has a cross-site request forgeing vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

WordPress plugin Element Invader has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4269

Missing Authorization vulnerability in Element Invader Element Invader Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader Template Kits for Elementor: from n/a through = 1.2.4...

PT-2026-3919

Name of the Vulnerable Software and Affected Versions LA-Studio Element Kit for Elementor versions through 1.5.6.3 Description The LA-Studio Element Kit for Elementor plugin for WordPress is susceptible to unauthorized administrative user creation. This occurs because the ajax register handle...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38202)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38202 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in...

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability

Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakitbkrole parameter vulnerability discovered by WordFence in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.6.3...