16 matches found
CVE-2026-57724 WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...
CVE-2026-57726 WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...
CVE-2026-57727 WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...
CVE-2026-57726
CVE-2026-57726 affects the WordPress Kirki plugin (versions up to and including 6.0.12). The issue is an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. The CVSS v3.1 vector indicates high impact with network access, no...
WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Kirki versions = 6.0.12...
WordPress Kirki plugin <= 6.0.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin Kirki versions = 6.0.14...
CVE-2026-57680 WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...
CVE-2026-57680
CVE-2026-57680 affects the WordPress Kirki plugin versions
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Jagadesh Achanta - Independent in WordPress Plugin Kirki versions = 6.0.11...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability
Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...
WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.11...
CVE-2026-57627 WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability
Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...
CVE-2026-57627
CVE-2026-57627 describes a Server-Side Request Forgery (SSRF) in the WordPress Kirki plugin, versions
WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Kirki versions = 6.0.11...
WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability
Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...