4 matches found
WordPress WP Adminify plugin <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability
Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability discovered by ibrahimsql in WordPress Plugin WP Adminify versions = 4.0.7.7...
CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API
The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...
CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API
The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...
CVE-2026-1060
CVE-2026-1060 concerns the WordPress plugin WP Adminify. The vulnerability allows unauthenticated access to sensitive addon information via the REST endpoint /wp-json/adminify/v1/get-addons-list. The endpoint is registered with a permisssion_callback of __return_true, enabling any user to retriev...