CVE-2026-6518 - CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution
CVE ID :CVE-2026-6518 Published : April 18, 2026, 3:37 a.m. | 1 hour, 4 minutes ago Description :The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Need suggestion
- [CYBER] Agentes IA que pasan tus tests. Ese es el problema.
- [CYBER] CVE-2026-6571 - kodcloud KodExplorer systemRole.class.php roleGroupAction authorization
- [CYBER] CVE-2026-6570 - kodcloud KodExplorer systemMember.class.php initInstall authorization
- [CYBER] CVE-2026-6572 - Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization
- [CYBER] Impac Mortgage Holdings Reports Two-Year-Old Data Breach Affecting Over 19,000 Individuals