CVE-2025-50009

CVE-2025-5009 (Kata Plus) : WordPress Kata Plus add-ons (1.5.3 and earlier) suffer a Missing Authorization/broken access control vulnerability. Root cause is incorrectly configured access control levels allowing unauthorized actions. Affected software: Kata Plus – Addons for Elementor – Widgets, ...

CVE-2025-50009 WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3...

WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin Kata Plus versions = 1.5.3...

CVE-2025-32572

CVE-2025-32572 is a PHP object injection flaw caused by deserialization of untrusted data in the Kata Plus WordPress plugin family (Kata Plus – Addons for Elementor – Widgets, Extensions and Templates). Affected versions range up to 1.5.2 (with CVE entries tracking up to 1.5.3 per Patchstack/Word...

WordPress Kata Plus Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Kata Plus Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9376 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1f7dc90a1046 Credits Francesco Carlucci Required...

WordPress Kata Plus plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Kata Plus versions = 1.4.7...