All 3 CVE vulnerabilities found in Kirki – Freeform Page Builder, Website Builder & Customizer, with AI-generated Chinese analysis, references, and POCs.
Vendor: themeum

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-8206 | Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' | CWE-269 | 9.8 | Critical | 2026-06-02 |
| CVE-2026-8073 | Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP | CWE-23 | 7.5 | High | 2026-05-19 |
| CVE-2026-8096 | Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action | CWE-862 | 6.5 | Medium | 2026-05-19 |