Medium severity5.4NVD Advisory· Published Feb 19, 2026· Updated Apr 15, 2026
CVE-2026-2284
CVE-2026-2284
Description
The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne_clean_data' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to truncate 8 core WordPress database tables (posts, comments, terms, term_relationships, term_taxonomy, postmeta, commentmeta, termmeta) and delete the entire WordPress uploads directory, resulting in complete data loss.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.0.8
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.