PatchSiren

blazethemes CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM blazethemes CVE published 2026-07-14

CVE-2026-11390

The News Kit Addons For Elementor plugin for WordPress has a Stored Cross-Site Scripting vulnerability via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6. This is due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access and above can inject arbitrary web scripts in pages that execute when a user accesses an [truncated]