75 matches found
CVE-2026-57726
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...
CVE-2026-57727
Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...
CVE-2026-57725
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through = 6.0.11...
CVE-2026-57724
Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...
EUVD-2026-43290
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
CVE-2026-57724
CVE-2026-57724 affects the WordPress Kirki plugin (Kirki <= 6.0.12). The root cause is a deserialization of untrusted data leading to PHP Object Injection . According to the sources, this vulnerability can be exploited remotely (network attack vector) with no user interaction and can impact co...
CVE-2026-57724 WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...
CVE-2026-57727 WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...
CVE-2026-57726
CVE-2026-57726 affects the WordPress Kirki plugin (versions up to and including 6.0.12). The issue is an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. The CVSS v3.1 vector indicates high impact with network access, no...
CVE-2026-57725 WordPress Kirki plugin <= 6.0.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through = 6.0.11...
CVE-2026-57726 WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...
CVE-2026-57727
CVE-2026-57727 concerns the WordPress Kirki plugin (Kirki) with versions 6.0.13 and earlier, reported as a Missing Authorization / Broken Access Control vulnerability. The connected sources (NVD, CVE records, CVElist, PatchStack) describe an incorrectly configured access control that could allow ...
CVE-2026-57725
The CVE-2026-57725 entry concerns the WordPress Kirki plugin (Themeum Kirki) with a Stored XSS vulnerability in web page generation. Affected version range is Kirki up to 6.0.11 (exact affected range:
CVE-2026-12275
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
CVE-2026-12275
Affected software: Tutor LMS WordPress plugin (before 3.9.13) with Droip and Kirki page-builder integrations. What is vulnerable: The core course handler does not perform enrollment, purchase, and private-course capability checks when using Droip/Kirki integrations, permitting authenticated users...
CVE-2026-12275 Tutor LMS < 3.9.13 - Subscriber+ Unauthorized Course Enrollment and Private Course Content Disclosure via Droip/Kirki Integration
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.12...
WordPress Kirki plugin <= 6.0.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.11...
WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Kirki versions = 6.0.12...
WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin Kirki versions = 6.0.13...