CVE Catalog
CVE-2026-57680
Medium
CVSS 6.5
Summary
The Kirki plugin, versions 6.0.11 and earlier, contains an Insecure Direct Object Reference (IDOR) vulnerability that can be exploited without authentication. This allows an attacker to access protected resources or data without authentication.
Risk Assessment
The risk involves potential unauthorized access to sensitive data or system functions, which could lead to information disclosure or privilege escalation.
Recommendation
Update the Kirki plugin immediately to the latest available version that fixes this vulnerability. Also review the access control configuration for all objects.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions.

