No analysis available yet.
Vendor Solution
Update the WordPress Kirki Plugin to the latest available version (at least 6.0.12).
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 02 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Themeum
Themeum kirki Wordpress Wordpress wordpress |
|
| Vendors & Products |
Themeum
Themeum kirki Wordpress Wordpress wordpress |
Thu, 02 Jul 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions. | |
| Title | WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-07-02T13:46:34.079Z
Reserved: 2026-06-25T08:03:42.567Z
Link: CVE-2026-57680
Updated: 2026-07-02T13:46:30.383Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-02T13:30:05Z
-
CWE-639
Authorization Bypass Through User-Controlled Key