CVE ID :CVE-2026-7654 Published : June 5, 2026, 11:16 p.m. | 1 hour, 57 minutes ago Description :The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()`...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-7654 - Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value

VERWANDTEARTIKEL

[High] CVE-2026-11416 – MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclo...

[High] CVE-2026-11424 – A server-side request forgery (SSRF) vulnerability exists in a GraphQL service c...

[Critical] CVE-2026-11429 – A path traversal vulnerability exists in the Git Service component shared by Alt...

[High] CVE-2026-11431 – A path traversal vulnerability exists in the Projects Service download endpoint ...

CVE-2026-11416 - MoviePilot Path Traversal via Cloud Storage Download Handlers

CVE-2026-11424 - Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure