CVE-2026-1060 - WP Adminify <= 4.0.7.7 - unauthenticated sensitive information exposure via 'get-...

CVE ID : CVE-2026-1060 Published : Jan. 28, 2026, 2:25 p.m. | 33 minutes ago Description : The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to __return_true, allowing unauthenticated attackers to retrieve the complete list of available addons, their installation status, version numbers, and download URLs. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...