CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

Positive Technologies•added yesterday•4 views

PT-2026-45904

Patch Priority: Sitefinity Credential Exposure with likely internet exposure CVSS 9.8-10.0 Affected: Progress Sitefinity; OpenMed; Spacelabs Sentinel; Masteriyo LMS PRO; Kirki Internet-facing risks dominate, led by Sitefinity and multiple pre-auth remote code execution and privilege escalation...

10CVSS6.5AI score0.00236EPSS

Exploits2References1

GithubExploit•added 2 days ago•58 views

Exploit for CVE-2026-8206

CVE-2026-8206 - Kirki WordPress Plugin Mass Exploit !Python...

9.8CVSS6AI score0.00119EPSS

Exploits2

NVD•added 2 days ago•8 views

CVE-2026-8206

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

9.8CVSS0.00119EPSS

Exploits2References8

Vulnrichment•added 2 days ago•4 views

CVE-2026-8206 Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'

9.8CVSS5.9AI score0.00119EPSS

Exploits2References8

EUVD•added 2 days ago•9 views

EUVD-2026-33881

9.8CVSS5.9AI score0.00119EPSS

Exploits2References8

ATTACKERKB•added 2 days ago•4 views

CVE-2026-8206

9.8CVSS5.9AI score0.00119EPSS

Exploits2References9Affected Software1

CVE•added 2 days ago•55 views

CVE-2026-8206

The Kirki plugin for WordPress (Kirki – Freeform Page Builder, Website Builder & Customizer) versions 6.0.0–6.0.6 contain an unauthenticated privilege-escalation flaw in the password-reset flow. When a username is provided, the code ignores the target user’s email and uses the email supplied in t...

9.8CVSS5.9AI score0.00119EPSS

In wildExploits2References8

Cvelist•added 2 days ago•46 views

CVE-2026-8206 Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'

9.8CVSS0.00119EPSS

Exploits2References8

VulnCheck KEV•added 2 days ago•3 views

VulnCheck KEV: CVE-2026-8206

9.8CVSS5.9AI score0.00119EPSS

In wildExploits2References2

Positive Technologies•added 2 days ago•7 views

PT-2026-45693

Name of the Vulnerable Software and Affected Versions Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0 through 6.0.6 Description The plugin allows privilege escalation via account takeover because it accepts an arbitrary email address when a username is provided in a...

9.8CVSS5.9AI score0.00119EPSS

Exploits2References22

Patchstack•added 3 days ago•7 views

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

9.8CVSS5.8AI score0.00119EPSS

Exploits2References1Affected Software1

Wordfence Blog•added 3 days ago•10 views

Unauthenticated Privilege Escalation Vulnerability Patched in Kirki WordPress Plugin

On May 4th, 2026, we received a submission for an Unauthenticated Privilege Escalation vulnerability in the Kirki WordPress plugin. Although the plugin has more than 500,000 active installations, we estimate that only around 150,000 sites are using a vulnerable version, as the issue was introduce...

9.8CVSS6AI score0.00119EPSS

Exploits2

Patchstack•added 2026/05/25 7:25 a.m.•11 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

6.5CVSS5.8AI score0.0003EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/05/21 11:32 a.m.•8 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion vulnerability

Unauthenticated Limited Arbitrary File Read and Deletion vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

7.5CVSS5.8AI score0.00118EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/19 7:16 p.m.•7 views

CVE-2026-8073

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

7.5CVSS0.00118EPSS

Exploits0References3

NVD•added 2026/05/19 7:16 p.m.•9 views

CVE-2026-8096

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

6.5CVSS0.0003EPSS

Exploits0References3

ATTACKERKB•added 2026/05/19 6:33 p.m.•6 views

CVE-2026-8073

7.5CVSS5.9AI score0.00118EPSS

Exploits0References4

EUVD•added 2026/05/19 6:33 p.m.•6 views

EUVD-2026-30976

7.5CVSS5.9AI score0.00118EPSS

Exploits0References3

Cvelist•added 2026/05/19 6:33 p.m.•24 views

CVE-2026-8073 Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP