PT-2025-54283 · WordPress · The Ultimate Post Kit Addons For Elementor
Drtime · Published 2025-12-31 · Updated 2025-12-31 · CVE-2025-14434
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
The Ultimate Post Kit Addons for Elementor WordPress plugin versions prior to 4.0.16
Description
The plugin has multiple AJAX “load more” endpoints, including upk_alex_grid_loadmore_posts, that do not properly verify post publication status before displaying content. This allows attackers without authentication to access and retrieve rendered HTML content of private and unpublished posts.
Recommendations
Update to version 4.0.16 or later.
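A "load more" handler that enforces the publication-status check the description says was missing, shown as an added example; it is not the plugin's code or its 4.0.16 fix. The action name example_grid_loadmore and the request fields page, per_page and post_type are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler, not the plugin's code.
// The action name and the request fields are assumptions.

add_action( 'wp_ajax_example_grid_loadmore', 'example_grid_loadmore' );
add_action( 'wp_ajax_nopriv_example_grid_loadmore', 'example_grid_loadmore' );

function example_grid_loadmore() {
    // Read only the fields the widget needs; never pass the raw request into WP_Query.
    $page      = isset( $_POST['page'] ) ? max( 1, absint( $_POST['page'] ) ) : 1;
    $per_page  = isset( $_POST['per_page'] ) ? min( 20, max( 1, absint( $_POST['per_page'] ) ) ) : 6;
    $post_type = isset( $_POST['post_type'] ) ? sanitize_key( wp_unslash( $_POST['post_type'] ) ) : 'post';

    // Only post types registered as public may be listed by anonymous visitors.
    $public_types = get_post_types( array( 'public' => true ) );
    if ( ! in_array( $post_type, $public_types, true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid post type.' ), 400 );
    }

    $query = new WP_Query( array(
        'post_type'           => $post_type,
        'post_status'         => 'publish', // fixed server-side, not taken from the request
        'has_password'        => false,     // skip password-protected posts
        'posts_per_page'      => $per_page,
        'paged'               => $page,
        'ignore_sticky_posts' => true,
        'no_found_rows'       => true,
    ) );

    $html = '';
    foreach ( $query->posts as $post ) {
        // Defence in depth: re-check status on each post before rendering it.
        if ( 'publish' !== get_post_status( $post ) || post_password_required( $post ) ) {
            continue;
        }
        $html .= sprintf(
            '<article><a href="%s">%s</a></article>',
            esc_url( get_permalink( $post ) ),
            esc_html( get_the_title( $post ) )
        );
    }

    wp_send_json_success( array( 'markup' => $html ) );
}
```

The same two checks, a server-fixed post_status in the query and a per-post status test before rendering, apply to every handler registered under a wp_ajax_nopriv_ hook that returns post markup.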
Exploit
Fix
Related Identifiers
Affected Products
The Ultimate Post Kit Addons For Elementor