Lucene search
K

75 matches found

NVD
NVD
added 2 days ago3 views

CVE-2026-57726

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57727

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...

7.5CVSS0.00287EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57725

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through = 6.0.11...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57724

Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.8CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43290

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

7.1CVSS6.2AI score0.00171EPSS
Exploits0References2
CVE
CVE
added 2 days ago13 views

CVE-2026-57724

CVE-2026-57724 affects the WordPress Kirki plugin (Kirki <= 6.0.12). The root cause is a deserialization of untrusted data leading to PHP Object Injection . According to the sources, this vulnerability can be exploited remotely (network attack vector) with no user interaction and can impact co...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-57724 WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.8CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57727 WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...

7.5CVSS0.00287EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-57726

CVE-2026-57726 affects the WordPress Kirki plugin (versions up to and including 6.0.12). The issue is an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. The CVSS v3.1 vector indicates high impact with network access, no...

9.3CVSS6.1AI score0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-57725 WordPress Kirki plugin <= 6.0.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through = 6.0.11...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57726 WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.3CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-57727

CVE-2026-57727 concerns the WordPress Kirki plugin (Kirki) with versions 6.0.13 and earlier, reported as a Missing Authorization / Broken Access Control vulnerability. The connected sources (NVD, CVE records, CVElist, PatchStack) describe an incorrectly configured access control that could allow ...

7.5CVSS6.1AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-57725

The CVE-2026-57725 entry concerns the WordPress Kirki plugin (Themeum Kirki) with a Stored XSS vulnerability in web page generation. Affected version range is Kirki up to 6.0.11 (exact affected range:

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-12275

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

7.1CVSS0.00171EPSS
Exploits0References1
CVE
CVE
added 2 days ago14 views

CVE-2026-12275

Affected software: Tutor LMS WordPress plugin (before 3.9.13) with Droip and Kirki page-builder integrations. What is vulnerable: The core course handler does not perform enrollment, purchase, and private-course capability checks when using Droip/Kirki integrations, permitting authenticated users...

7.1CVSS6.2AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-12275 Tutor LMS < 3.9.13 - Subscriber+ Unauthorized Course Enrollment and Private Course Content Disclosure via Droip/Kirki Integration

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

0.00171EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/06 1:16 p.m.5 views

WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.12...

9.8CVSS5.9AI score0.00386EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 1:12 p.m.5 views

WordPress Kirki plugin <= 6.0.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.11...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 12:59 p.m.4 views

WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Kirki versions = 6.0.12...

9.3CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 12:46 p.m.4 views

WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin Kirki versions = 6.0.13...

7.5CVSS5.9AI score0.00287EPSS
Exploits0Affected Software1
Rows per page
Query Builder