CVE-2026-12281 - Shibboleth < 2.5.4 - Unauthenticated Administrator Account Creation via Identity Header Spoofing
CVE ID :CVE-2026-12281 Published : July 15, 2026, 6:16 a.m. | 6 hours, 17 minutes ago Description :The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers...