CVE-2026-12097
The CVE covers the WordPress User Management plugin (versions up to and including 1.2). Affected component: the plugin’s authorization flow; root cause is improper verification of a user’s permission, enabling an authorization bypass. Impact: unauthenticated attackers can modify the plugin’s expo...