Common Vulnerabilities and Exposures (CVE): - CVE-2026-1060 Common Vulnerability Scoring System (CVSS): - 5.3 (Medium) Publication Status: - Publicly Published: January 27, 2026 - Last Updated: January 28, 2026 Contributor of Information: - ibrahimsqI Problem Description: - Insecure Information Disclosure (via 'get-addons-list' REST API) in WP Adminify versions up to and including 4.0.7.7 Other Detail Information: - Type of Software: Plugin - Particularke Software Vulnerability in Plugin: adminify. Link to View on WordPress.org - Patched Status: Yes - Solution Measures: Upgrade to version 4.0.7.8 or any more recent patched version - Impacted Versions: Versions up to and including 4.0.7.7 - Version with Patch Issued: 4.0.7.8 Vulnerability Pertains To Following WordPress Extensions: - WP Adminify – White Label WordPress - WP Adminify – Admin Menu Editor - WP Adminify – Login Customizer