CVE-2026-5737
CVE-2026-5737 concerns the Independent Analytics plugin for WordPress, vulnerable through an unauthenticated SSRF in versions up to 2.14.9. A public tracking route at /wp-json/iawp/search accepts attacker-controlled referrer_url values when signatures match, compounded by a scheduled favicon fetc...