Kirki – freeform page builder, website builder & customizer
This hub aggregates every CVE we track for Kirki – freeform page builder, website builder & customizer, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 3
- Critical: 1
- High: 1
- In CISA KEV: 0
Severity distribution
- HIGH: 1
- MEDIUM: 1
- CRITICAL: 1
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06. The first 22 months show 0; the final two show 2 and 1.]
Latest CVEs
The 3 most recently published vulnerabilities affecting Kirki – freeform page builder, website builder & customizer.
- CVE-2026-8206: Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' (score 9.8)
- CVE-2026-8073: Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP (score 7.5)
- CVE-2026-8096: Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action (score 6.5)
Product normalization is registry-driven with AI assist and human review.