CVE-2025-14434
Unknown Unknown - Not Provided
Unauthorized Access via AJAX Endpoint in Ultimate Post Kit Addons

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: WPScan

Description
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX β€œload more” endpoints such as upk_alex_grid_loadmore_posts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and retrieve rendered HTML content of private and unpublished ones.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-31
Last Modified
2025-12-31
Generated
2026-06-16
AI Q&A
2025-12-31
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14434
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ultimate_post_kit ultimate_post_kit *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated attackers to access private and unpublished post content, which could lead to unauthorized disclosure of sensitive or personal information. This exposure may result in non-compliance with data protection regulations such as GDPR and HIPAA, which require proper access controls to protect personal and sensitive data from unauthorized access. [1]

Executive Summary

This vulnerability in the Ultimate Post Kit Addons for Elementor WordPress plugin (versions before 4.0.16) allows unauthenticated attackers to access multiple AJAX 'load more' endpoints without proper access control. These endpoints, such as 'upk_alex_grid_loadmore_posts', do not verify if the posts requested are published or if the requester is authenticated. As a result, attackers can query and retrieve the rendered HTML content of private and unpublished posts. [1]

Impact Analysis

The vulnerability can lead to unauthorized disclosure of private and unpublished post content. This means sensitive or confidential information intended to be hidden could be exposed to unauthenticated users, potentially leading to information leakage, reputational damage, or other security risks. [1]

Detection Guidance

This vulnerability can be detected by sending a POST request to the WordPress AJAX handler (admin-ajax.php) with the action parameter set to upk_alex_grid_loadmore_posts and appropriate pagination and post source parameters. If the response returns rendered HTML content of posts without requiring authentication, including private or unpublished posts, the system is vulnerable. For example, you can use the following curl command to test detection: curl -X POST https://your-wordpress-site.com/wp-admin/admin-ajax.php -d 'action=upk_alex_grid_loadmore_posts&paged=1&source=all' If the response contains post content without authentication, the vulnerability exists. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Ultimate Post Kit Addons for Elementor WordPress plugin to version 4.0.16 or later, where the issue has been fixed. This update ensures proper access control on the AJAX endpoints, preventing unauthenticated access to private and unpublished posts. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14434. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart