cleantalk
Vulnerabilities and Security Researches

Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post, CVE-2025-14434

CVE, Research URL

CVE-2025-14434

Home page URL

Security reports for Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post

Application

Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post

Published on
Dec 31, 2025
Research Description
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk_alex_grid_loadmore_posts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and retrieve rendered HTML content of private and unpublished ones.
Affected versions
max 4.0.16.
Status
vulnerable
Previous vulnerability researches
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) , Aug 26, 2025
New vulnerability
Advanced Classifieds & Directory Pro (CVE-2025-68580) , Jan 10, 2026
Co-marquage service-public.fr (CVE-2025-62113) , Jan 10, 2026
404 Solution (CVE-2025-14477) , Jan 10, 2026
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More. (CVE-2025-69024) , Jan 10, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-13754) , Jan 10, 2026