Security Advisory

CVE-2026-1060

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-28 14:25:11

Last updated 2026-04-08 17:03:16

Assigner Wordfence

State PUBLISHED

Description

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to __return_true, allowing unauthenticated attackers to retrieve the complete list of available addons, their installation status, version numbers, and download URLs.

← Browse all CVEs View on cve.org ↗