VYPR

Kirki

by WordPress

CVEs (3)

  • CVE-2026-8206 | Critical | Jun 2, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.01

    The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the…

  • CVE-2026-8073 | High | May 19, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.01

    The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This…

  • CVE-2026-8096 | Medium | May 19, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes…