Lucene search
+L

16 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57724 WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.8CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-57726 WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.3CVSS0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-57727 WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...

7.5CVSS0.00287EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-57726

CVE-2026-57726 affects the WordPress Kirki plugin (versions up to and including 6.0.12). The issue is an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. The CVSS v3.1 vector indicates high impact with network access, no...

9.3CVSS6.1AI score0.00291EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/06 12:59 p.m.4 views

WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Kirki versions = 6.0.12...

9.3CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 12:46 p.m.4 views

WordPress Kirki plugin <= 6.0.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin Kirki versions = 6.0.14...

7.5CVSS6.1AI score0.00287EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57680 WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...

6.5CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.13 views

CVE-2026-57680

CVE-2026-57680 affects the WordPress Kirki plugin versions

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/01 8:0 p.m.5 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Jagadesh Achanta - Independent in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/01 7:59 p.m.5 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/30 11:11 a.m.6 views

WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.11...

6.5CVSS5.8AI score0.00253EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57627 WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...

4.9CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.21 views

CVE-2026-57627

CVE-2026-57627 describes a Server-Side Request Forgery (SSRF) in the WordPress Kirki plugin, versions

4.9CVSS5.8AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:18 p.m.6 views

WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Kirki versions = 6.0.11...

4.9CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/01 5:17 p.m.16 views

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

9.8CVSS5.8AI score0.0126EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
added 2026/05/25 7:25 a.m.29 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

6.5CVSS5.8AI score0.00404EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder