Is CVE-2026-12415 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-12415 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-12415 affect?

CVE-2026-12415 affects WordPress.

Vulnerability intelligence

CVE-2026-12415

CVE-2026-12415: wp_ajax_nopriv_pravel_invoice_edit_account requires no capability check. Any unauthenticated request escalates to administrator. Plugin Roulette claims another round.

WordPress 2026

What WebPulse reported · 1 analysis

WordPress Invoice Generator: Unauthenticated Visitors Can Become Admin. CVSS 9.8. No Exploit Kit Required.

CVE-2026-12415: wp_ajax_nopriv_pravel_invoice_edit_account requires no capability check. Any unauthenticated request escalates to administrator. Plugin Roulette

June 28, 2026

View CVE-2026-12415 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-8206 CVE-2026-8181 CVE-2026-3844 CVE-2026-10795 CVE-2026-4020 CVE-2026-1293 CVE-2026-8732 CVE-2026-4798