9 matches found
CVE-2026-1944
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...
CVE-2026-1944
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...
CVE-2026-1944
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...
CVE-2026-1944 CallbackKiller service widget <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...
CVE-2026-1944 CallbackKiller service widget <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...
CVE-2026-1944
CVE-2026-1944 concerns the WordPress plugin CallbackKiller service widget, affected versions up to 1.2. The issue is a missing capability check in the cbk_save() function, enabling unauthenticated attackers to modify the plugin’s site ID settings via the cbk_save_v1 AJAX action. Multiple connecte...
WordPress plugin CallbackKiller 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
PT-2026-8084
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbk save function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID...
WordPress CallbackKiller service widget plugin <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update vulnerability
Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin CallbackKiller service widget versions = 1.2...