Is CVE-2026-1293 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-1293 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-1293 affect?

CVE-2026-1293 affects WordPress.

Vulnerability intelligence

CVE-2026-1293

The most popular WordPress backup plugin gave unauthenticated attackers full admin access. Wordfence blocked 8,172 exploit attempts in 24 hours. The plugin supply chain strikes again.

WordPress 2026

What WebPulse reported · 2 analyses

UpdraftPlus: 3 Million WordPress Sites. Unauthenticated Admin RCE. No Login Required.

The most popular WordPress backup plugin gave unauthenticated attackers full admin access. Wordfence blocked 8,172 exploit attempts in 24 hours. The plugin supp

June 13, 2026

Kirki Plugin: 500,000 WordPress Sites Exposed to Admin Account Takeover via Password Reset

CVE-2026-8206. CVSS 9.8. The Kirki page builder plugin's password reset mechanism lets attackers take over administrator accounts. 150,000 sites running the vul

June 13, 2026

View CVE-2026-1293 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-8206 CVE-2026-8181 CVE-2026-3844 CVE-2026-10795 CVE-2026-4020 CVE-2026-8732 CVE-2026-4798 CVE-2026-3300