
CVE-2026-12122

Severity: Medium (CVSS 5.3)

Exploitation Probability (EPSS)

0.50% (low risk), 39th percentile: higher than 39% of all known CVEs

Summary

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress, in all versions up to and including 6.0.11, exposes sensitive information through its get_single_symbol function. Unauthenticated attackers can retrieve the full builder metadata and rendered HTML of any kirki_symbol post, including unpublished drafts, simply by supplying a sequential WordPress post ID; this indicates that the function neither checks the caller's capabilities nor restricts its output to published posts.

Risk Assessment

Because WordPress post IDs are sequential integers, an attacker can walk the ID space and collect every kirki_symbol post on the site, not just the ones a visitor would normally see. The exposure is therefore of confidential design work: unpublished layouts, draft content and the builder metadata behind them, which can amount to business information leakage or a privacy breach if the drafts contain personal data. The issue is read-only; no modification of content or code execution is described, which is consistent with the medium CVSS score.

Recommendation

Update the Kirki plugin to a release newer than 6.0.11 that addresses this issue as soon as possible. If an update is not possible, temporarily deactivate the plugin; because the affected function is reachable without authentication, leaving the vulnerable version active exposes drafts to anyone who can reach the site. Confirm the installed version on the Plugins screen or, assuming the standard plugin slug, with `wp plugin get kirki --field=version`.

Original NVD description (English source)

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.11 via the get_single_symbol. This makes it possible for unauthenticated attackers to extract the full builder metadata and rendered HTML of any kirki_symbol post — including unpublished drafts — by supplying a sequential WordPress post ID.
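The description above characterises a common WordPress authorization bug: a handler that loads a post by caller-supplied ID and returns its contents without checking post type, post status or the caller's capabilities. The following PHP is an added illustration of that bug class and its fix; it is not Kirki's code and does not reproduce get_single_symbol. The handler names (`example_symbol_*`), the AJAX action name and the meta key `_example_builder_data` are assumptions made for the example.

```php
<?php
/**
 * Added example, not taken from the Kirki plugin.
 * Two AJAX handlers that serve a "symbol" post's builder metadata and rendered
 * HTML. The first has the shape of the bug described in the advisory; the
 * second adds the checks a reviewer would expect. Names and meta keys are
 * assumptions for illustration only.
 */

// Vulnerable shape: any numeric ID, any post type, any status, any caller.
function example_symbol_vulnerable() {
    $id   = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    $post = get_post( $id );                      // returns drafts and other types too
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( array(
        'meta' => get_post_meta( $id, '_example_builder_data', true ), // assumed meta key
        'html' => apply_filters( 'the_content', $post->post_content ), // drafts are rendered as well
    ) );
}
add_action( 'wp_ajax_example_symbol', 'example_symbol_vulnerable' );
add_action( 'wp_ajax_nopriv_example_symbol', 'example_symbol_vulnerable' ); // reachable logged out

// Hardened shape.
function example_symbol_hardened() {
    $id   = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    $post = get_post( $id );

    // 1. Serve only the intended post type. Everything else is "not found".
    $visible = $post && 'kirki_symbol' === $post->post_type;

    // 2. Unpublished or password-protected content requires a user who may edit
    //    that specific post (the 'edit_post' meta capability is resolved per post).
    if ( $visible && ( 'publish' !== $post->post_status || post_password_required( $post ) ) ) {
        $visible = current_user_can( 'edit_post', $id );
    }

    // 3. Use one identical response for "missing" and "not allowed", so that an
    //    unauthenticated caller cannot tell which sequential IDs are drafts.
    if ( ! $visible ) {
        wp_send_json_error( 'not found', 404 );
    }

    wp_send_json_success( array(
        'meta' => get_post_meta( $id, '_example_builder_data', true ),
        'html' => apply_filters( 'the_content', $post->post_content ),
    ) );
}
add_action( 'wp_ajax_example_symbol_safe', 'example_symbol_hardened' );
add_action( 'wp_ajax_nopriv_example_symbol_safe', 'example_symbol_hardened' ); // fine: only published data is served
```

Two points worth noting for anyone reviewing similar code. A nonce alone would not have fixed this class of issue, because the content is readable by logged-out visitors and a nonce only proves the request came from a page the site itself served; the capability and post-status checks are the actual authorization. And keeping the logged-out (`nopriv`) hook is acceptable once those checks are in place, since published symbols are public by definition; what must not happen is for the status check to be skipped for that path.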

Vulnerability data from NVD (NIST) · CISA KEV · EPSS