Our AI Agent recently audited Slider Future (1,000+ active installations) and identified a critical Unauthenticated RCE, now designated as CVE-2026-1405.

While pattern-matching approaches are effective at identifying broad code signatures, this specific vulnerability resides in the logical flow of the REST API.

The endpoint /upload-image/ allows unauthenticated access because the permission_callback is set to __return_true.

Check details here: https://www.cve.org/CVERecord?id=CVE-2026-1405

@wordpress@lemmy.world @WordPress@mastodon.world @wordfence

#AppSec #ZAST #VulnerabilityResearch #WordPress #RCE

this post was submitted on 18 Feb 2026
-6 points (28.6% liked)
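
Added example, not part of the original post and not Slider Future's code: a hypothetical REST route registered with the permission_callback the post describes, next to a version that requires a logged-in user with upload rights. The example/v1 and example/v2 namespaces, the example_handle_upload function, the 'image' field name and the choice of the upload_files capability are assumptions made for illustration.

```php
<?php
// Illustration only; names and namespaces are hypothetical, not the plugin's.
add_action( 'rest_api_init', function () {
    // Weak: '__return_true' approves every request, so the callback runs
    // for visitors who are not logged in at all.
    register_rest_route( 'example/v1', '/upload-image/', array(
        'methods'             => 'POST',
        'callback'            => 'example_handle_upload',
        'permission_callback' => '__return_true',
    ) );

    // Corrected: the REST server calls this before the callback and
    // rejects the request unless the current user may upload files.
    register_rest_route( 'example/v2', '/upload-image/', array(
        'methods'             => 'POST',
        'callback'            => 'example_handle_upload',
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
    ) );
} );

// Shared handler. Restricting file types is a general precaution for any
// upload route (an assumption here, not a statement about the plugin).
function example_handle_upload( WP_REST_Request $request ) {
    $files = $request->get_file_params();
    if ( empty( $files['image'] ) ) {
        return new WP_Error( 'no_file', 'No file supplied.', array( 'status' => 400 ) );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';

    // wp_handle_upload() checks extension and type against the 'mimes' list.
    $result = wp_handle_upload( $files['image'], array(
        'test_form' => false,
        'mimes'     => array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png' ),
    ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'], array( 'status' => 400 ) );
    }

    return rest_ensure_response( array( 'url' => $result['url'] ) );
}
```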