Threats Tagged 'cve-2026-3895'
View all threats tagged with 'cve-2026-3895'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-3895'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-3895: CWE-862 Missing Authorization in livemesh WPBakery Page Builder Addons by LivemeshCVE-2026-3895 0 The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lvca_admin_ajax` AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not check user capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to modify plugin settings and inject malicious scripts that execute when administrators access the plugin settings page or when any user visits the frontend. Join the discussion | CVE Database V5 | 05/27/2026, 06:46:19 UTC Added: 05/27/2026, 08:03:35 UTC |
Showing 1 to 1 of 1 result