CVE Catalog

CVE-2026-54833

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Summary

The Enable CORS plugin versions up to 2.0.3 contain an unauthenticated backdoor that can be exploited by an unauthorized attacker.

Risk Assessment

An unauthenticated attacker can gain unauthorized access to the system, potentially leading to full compromise of the WordPress site.

Recommendation

Immediately update the Enable CORS plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS