CVE Catalog
CVE-2026-57627
MediumCVSS 4.9Summary
Server Side Request Forgery (SSRF) vulnerability in Kirki plugin versions up to 6.0.11 allows a subscriber to send HTTP requests from the server to internal network resources.
Risk Assessment
An attacker with subscriber privileges can exploit this vulnerability to scan internal networks, access sensitive data, or perform attacks on other services within the infrastructure.
Recommendation
Immediately update the Kirki plugin to version 6.0.12 or later, which includes a fix for the SSRF vulnerability.
Original NVD description (English source)
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.

