GCVE - cpe:2.3:a:posimyththemes:wdesignkit_–_elementor_&_gutenberg_starter_templates,_patterns,_cloud_workspace_&_widget

Approved changes feed: RSS · Atom

cpe:2.3:a:posimyththemes:wdesignkit_–_elementor_&_gutenberg_starter_templates,_patterns,_cloud_workspace_&_widget_builder:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Posimyththemes (`ecef35c2-ac01-58ae-93aa-049eec190067`)
Product	Wdesignkit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder (`fe57a031-8bc8-5cf5-beea-a5ed8f714288`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-9029`	vulnerable	2026-06-08 07:45:21.615798	WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function MEDIUM (4.3) The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to missing authorization via the wdkit_handle_review_submission function in versions less than, or equal to, 1.2.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to submit feedback data to external services. Published: 2025-10-04T02:24:38.389Z Updated: 2026-04-08T17:30:38.404Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/e89f0699-42be-403a-8cdb-31e214a85851?source=cve https://plugins.trac.wordpress.org/browser/wdesignkit/tags/1.2.17/includes/admin/notices/class-wdkit-review-form.php#L117	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12189`	vulnerable	2026-06-08 06:23:51.416428	WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting MEDIUM (6.4) The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that you may need to recreate any custom widgets or reinstall the plugin to ensure the issue is adequately patched. Published: 2025-04-01T06:52:04.579Z Updated: 2026-04-08T16:44:26.760Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/2e936214-ee25-4763-ba7a-b5308cc09a57?source=cve https://plugins.trac.wordpress.org/changeset?old_path=/wdesignkit/tags/1.2.3&new_path=/wdesignkit/tags/1.2.4&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Wdesignkit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder

PURL mappings

Vulnerability references

Contribute