CVE Catalog

CVE-2026-57627

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Summary

Server Side Request Forgery (SSRF) vulnerability in Kirki plugin versions up to 6.0.11 allows a subscriber to send HTTP requests from the server to internal network resources.

Risk Assessment

An attacker with subscriber privileges can exploit this vulnerability to scan internal networks, access sensitive data, or perform attacks on other services within the infrastructure.

Recommendation

Immediately update the Kirki plugin to version 6.0.12 or later, which includes a fix for the SSRF vulnerability.

Original NVD description (English source)

Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS