Filtered by vendor Krellbat
Subscriptions
Filtered by product Callbackkiller Service Widget
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1944 | 2 Krellbat, Wordpress | 2 Callbackkiller Service Widget, Wordpress | 2026-02-16 | 5.3 Medium |
| The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbk_save() function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settings via the 'cbk_save_v1' AJAX action. | ||||
Page 1 of 1.