CVE-2026-1060 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/…
Medium CVSS: 5.3

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to __return_true, allowing unauthenticated attackers to retrieve the complete list of available addons, their installation status, version numbers, and download URLs.
Vendor
-
Product
-
CWE
CWE-200
Yayın Tarihi
2026-01-28 15:16:16
Güncelleme
2026-01-29 16:31:00
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-200 MEDIUM 2026

Referanslar

https://plugins.trac.wordpress.org/browser/adminify/tags/4.0.6.1/Libs/Addons.php#L54 https://plugins.trac.wordpress.org/changeset/3442928/ https://www.wordfence.com/threat-intel/vulnerabilities/id/7ecb4f95-346e-49b3-859f-44f28a72f065?source=cve