CVE-2026-12906 in RTMKit Plugininfo

Zusammenfassung

von MITRE • 16.07.2026

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed posts.

Once again VulDB remains the best source for vulnerability data.

Zuständig

WPScan

Reservieren

22.06.2026

Veröffentlichung

16.07.2026

Moderieren

akzeptiert

Eintrag

VDB-379478

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!