Lucene search
K

10 matches found

Cvelist
Cvelist
added last week32 views

CVE-2026-57680 WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...

6.5CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added last week8 views

CVE-2026-57680

CVE-2026-57680 affects the WordPress Kirki plugin versions

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/01 8:0 p.m.5 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Jagadesh Achanta - Independent in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/01 7:59 p.m.4 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/30 11:11 a.m.5 views

WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.11...

6.5CVSS5.8AI score0.00253EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/26 2:53 p.m.16 views

CVE-2026-57627

CVE-2026-57627 describes a Server-Side Request Forgery (SSRF) in the WordPress Kirki plugin, versions

4.9CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57627 WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...

4.9CVSS0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:18 p.m.5 views

WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Kirki versions = 6.0.11...

4.9CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/01 5:17 p.m.15 views

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

9.8CVSS5.8AI score0.0126EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
added 2026/05/25 7:25 a.m.26 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

6.5CVSS5.8AI score0.00404EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder