A vulnerability was found in blazethemes News Kit Addons for Elementor Plugin up to 1.4.6 on WordPress. It has been rated as problematic. The impacted element is an unknown function of the component Author Box Widget. Performing a manipulation results in cross site scripting.
This vulnerability is identified as CVE-2026-11390. The attack can be initiated remotely. There is not any exploit available.