CVE-2026-12906
The CVE-2026-12906 entry concerns RTMKit Addons for Elementor for WordPress. It affects the plugin prior to version 2.0.9, where an AJAX action does not perform a necessary capability check and returns a post identifier supplied in the request. This allows users with at least the Contributor role...