Threats Tagged 'cve-2026-15155'
View all threats tagged with 'cve-2026-15155'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-15155'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-15155: CWE-640 Weak Password Recovery Mechanism for Forgotten Password in wpdevteam Essential Addons for Elementor – Popular Elementor Templates & WidgetsCVE-2026-15155 0 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient server-side validation of a Login/Register widget setting used to construct outgoing email headers — the allowed-values restriction is enforced only in the client-side editor UI and not on the server, and the applied sanitization does not strip or encode CR/LF characters, allowing CRLF sequences stored in that setting to survive into raw mail headers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject an additional Bcc header into the WordPress administrator's password-reset notification email, receive a copy of a valid administrator password-reset link, and achieve full administrator account takeover. Join the discussion | CVE Database V5 | 07/11/2026, 05:35:49 UTC Added: 07/11/2026, 06:33:04 UTC |
Showing 1 to 1 of 1 result