3 matches found
CVE-2026-9710
creationtimestamp| type| source ---|---|--- 2026-07-07 06:16:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mpzxdpv5zk2m...
CVE-2026-9710
The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens against arbitrary...
CVE-2026-9710
The CVE covers the premium Cornerstone WordPress component bundled with X Theme, affected versions before 7.8.8. Root cause: a CSS-preview request handler did not enforce capability checks and exposed the nonce to every logged-in user on wp-admin pages. Impact: any authenticated user can evaluate...