Back to overview

CVE-2026-11781

Description
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them, such as other authors' unpublished post titles, pending comment content, the site's Adminify WordPress plugin before 4.2.10 inventory, and user account names.

Metadata

CVE ID
CVE-2026-11781
State
PUBLISHED
Assigner
WPScan
Reserved
2026-06-09 12:32 UTC
Published
2026-07-02 06:00 UTC
Last updated
2026-07-02 06:00 UTC
Vendor / Product
Unknown / Adminify
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Unknown Adminify 0 < 4.2.10
Weakness (CWE)
CWESourceDescription
cna CWE-200 Information Exposure
Back to overview