The vulnerability identified as CVE-2025-54037 affects the News Kit Elementor Addons plugin by blazethemes. It is caused by missing authorization checks, which means that users with some level of privilege (PR:L) can perform actions that should be restricted, due to incorrect access control configuration. The CVSS vector indicates network attack vector, low attack complexity, no user interaction required, unchanged scope, no confidentiality impact, but limited integrity and availability impacts. The affected versions include all versions up to 1.3.4. No patch or official fix information is currently available.

Exploitation of this vulnerability could allow an attacker with limited privileges to perform unauthorized actions that may alter data or disrupt service availability within the affected plugin. There is no confidentiality impact reported. The medium severity rating reflects the limited but non-negligible risk posed by this issue. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict user privileges to the minimum necessary and monitor for unusual activity related to the News Kit Elementor Addons plugin. Avoid granting elevated permissions to untrusted users. Follow updates from blazethemes for any forthcoming patches or mitigation instructions.