MEDIUM
blazethemes
CVE published 2026-07-14
CVE-2026-11390
The News Kit Addons For Elementor plugin for WordPress has a Stored Cross-Site Scripting vulnerability via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6. This is due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access and above can inject arbitrary web scripts in pages that execute when a user accesses an [truncated]