All 2 CVE vulnerabilities found in Kirki – Freeform Page Builder, Website Builder & Customizer, with AI-generated Chinese analysis, references, and POCs.
Vendor: themeum
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-8073 | Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP CWE-23 | 7.5 | High | 2026-05-19 |
| CVE-2026-8096 | Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action CWE-862 | 6.5 | Medium | 2026-05-19 |
All 2 known CVE vulnerabilities affecting Kirki – Freeform Page Builder, Website Builder & Customizer with full Chinese analysis, references, and POCs where available.