Security Advisory

CVE-2025-14434

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-31 06:00:11
Last updated 2026-01-02 14:37:14
Assigner WPScan
State PUBLISHED

Description

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints, such as upk_alex_grid_loadmore_posts, without authentication and without ensuring that the posts to be displayed are published. This allows an unauthenticated attacker to query arbitrary posts and retrieve the rendered HTML content of private and unpublished ones.
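The missing check described above, shown as an added defensive example; this is not the plugin's code or its 4.0.16 patch. The action name `example_grid_loadmore_posts`, the `settings` request field and the response shape are hypothetical, and the code assumes it runs inside WordPress 5.7 or later.

```php
<?php
// Hypothetical "load more" handler illustrating the bug class; not the plugin's code.
// Registering the nopriv hook makes the endpoint reachable without a login,
// so the handler itself must decide which posts are safe to render.
add_action( 'wp_ajax_example_grid_loadmore_posts', 'example_grid_loadmore_posts' );
add_action( 'wp_ajax_nopriv_example_grid_loadmore_posts', 'example_grid_loadmore_posts' );

function example_grid_loadmore_posts() {
	// Client-controlled settings (assumed request shape).
	$settings = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
		? wp_unslash( $_POST['settings'] )
		: array();

	// Build the query from an allowlist; never hand request data to WP_Query as-is.
	$args = array(
		'post_type'      => 'post',
		'posts_per_page' => min( 12, max( 1, absint( $settings['per_page'] ?? 6 ) ) ),
		'offset'         => absint( $settings['offset'] ?? 0 ),
		// Weak form: status left unset or taken from the request.
		// Hardened form: status is pinned server-side.
		'post_status'    => 'publish',
		'has_password'   => false,
		'no_found_rows'  => true,
	);
	if ( ! empty( $settings['category'] ) && is_string( $settings['category'] ) ) {
		$args['category_name'] = sanitize_title( $settings['category'] );
	}

	$html  = '';
	$query = new WP_Query( $args );
	foreach ( $query->posts as $post ) {
		// Defence in depth: re-check each post immediately before rendering.
		if ( ! is_post_publicly_viewable( $post ) || post_password_required( $post ) ) {
			continue;
		}
		$html .= sprintf(
			'<article><h3><a href="%s">%s</a></h3><p>%s</p></article>',
			esc_url( get_permalink( $post ) ),
			esc_html( get_the_title( $post ) ),
			esc_html( get_the_excerpt( $post ) )
		);
	}

	wp_send_json_success( array( 'markup' => $html ) );
}
```

When reviewing other handlers registered on `wp_ajax_nopriv_*`, the same two points apply: the post status is fixed on the server, and each post is re-checked before its HTML is returned.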