Vulnerabilities

CVE-2025-14434 - Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

2025-12-31 0 views admin

CVE ID : CVE-2025-14434 Published : Dec. 31, 2025, 6:15 a.m. | 43 minutes ago Description : The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk_alex_grid_loadmore_posts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and retrieve rendered HTML content of private and unpublished ones. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-14434

Published

Dec. 31, 2025

Affected Product: WordPress

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14434wordpress

CVE-2025-14434 - Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-49358 - WordPress Content Fetcher plugin <= 1.1 - cross site scripting (xss) vulnerability

CVE-2025-62135 - WordPress Responsive Block Control plugin <= 1.2.9 - cross site scripting (xss) ...

CVE-2025-62991 - WordPress Minamaze theme <= 1.10.1 - cross site scripting (xss) vulnerability

CVE-2025-62757 - WordPress WebMan Amplifier plugin <= 1.5.12 - cross site scripting (xss) vulnera...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting