PT-2026-54939 · Themeum · Kirki – Freeform Page Builder
Jagadesh Achanta · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-12122
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.11 via the get single symbol. This makes it possible for unauthenticated attackers to extract the full builder metadata and rendered HTML of any kirki symbol post — including unpublished drafts — by supplying a sequential WordPress post ID.
Fix
Missing Authorization
Weakness Enumeration
Related identifiers
Affected products
Kirki – Freeform Page Builder