PT-2026-51701 · Undefined · Undefined
Real_King_Engine
·
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-9709
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co Cornerstone page builder distributed bundled with the X , not the unrelated free
cornerstone Cornerstone WordPress plugin before 7.8.9 (v0.8.x) on the .org repository.Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined