CVE-2026-9860 - Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action
CVE ID :CVE-2026-9860 Published : June 18, 2026, 4:31 a.m. | 4 hours, 38 minutes ago Description :The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter...