PT-2026-20640 · Elementor
Abhirup Konwar · Published 2026-02-19 · Updated 2026-02-19
CVE-2026-2284
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
The News Element Elementor Blog Magazine plugin for WordPress versions up to and including 1.0.8
Description
The plugin is susceptible to a missing authorization issue due to the absence of a capability check and nonce verification on the ne clean data AJAX action. This allows authenticated attackers with Subscriber-level access or higher to truncate eight core WordPress database tables (posts, comments, terms, term relationships, term taxonomy, postmeta, commentmeta, termmeta) and delete the entire WordPress uploads directory, potentially leading to complete data loss.
Recommendations
Update The News Element Elementor Blog Magazine plugin to a version later than 1.0.8.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Elementor
News Element Elementor Blog Magazine