CVE-2025-14434
Unauthorized Access via AJAX Endpoint in Ultimate Post Kit Addons
Publication date: 2025-12-31
Last updated on: 2025-12-31
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ultimate_post_kit | ultimate_post_kit | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Ultimate Post Kit Addons for Elementor WordPress plugin (versions before 4.0.16) allows unauthenticated attackers to access multiple AJAX 'load more' endpoints without proper access control. These endpoints, such as 'upk_alex_grid_loadmore_posts', do not verify if the posts requested are published or if the requester is authenticated. As a result, attackers can query and retrieve the rendered HTML content of private and unpublished posts. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of private and unpublished post content. This means sensitive or confidential information intended to be hidden could be exposed to unauthenticated users, potentially leading to information leakage, reputational damage, or other security risks. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a POST request to the WordPress AJAX handler (admin-ajax.php) with the action parameter set to upk_alex_grid_loadmore_posts and appropriate pagination and post source parameters. If the response returns rendered HTML content of posts without requiring authentication, including private or unpublished posts, the system is vulnerable. For example, you can use the following curl command to test detection: curl -X POST https://your-wordpress-site.com/wp-admin/admin-ajax.php -d 'action=upk_alex_grid_loadmore_posts&paged=1&source=all' If the response contains post content without authentication, the vulnerability exists. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Ultimate Post Kit Addons for Elementor WordPress plugin to version 4.0.16 or later, where the issue has been fixed. This update ensures proper access control on the AJAX endpoints, preventing unauthenticated access to private and unpublished posts. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to access private and unpublished post content, which could lead to unauthorized disclosure of sensitive or personal information. This exposure may result in non-compliance with data protection regulations such as GDPR and HIPAA, which require proper access controls to protect personal and sensitive data from unauthorized access. [1]