CVE-2026-6963 - WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action
CVE ID :CVE-2026-6963 Published : May 2, 2026, 5:16 a.m. | 51 minutes ago Description :The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. This mak
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Data thieft: A 15-year-old minor arrested
- [CYBER] From Prompt to Production: AYW Workflow Case Study
- [CYBER] Energy Security for “The Africa We Want”: Turning a Global Shock into a Continental Reset
- [CYBER] CVE-2026-6229 - Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter
- [CYBER] CVE-2026-6457 - Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection via 'geo_mashup_null_fields' Parameter
- [CYBER] CVE-2026-6449 - Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint