Vulnerabilities and security researches forcallbackkiller-service-widget callbackkiller-service-widget

Apr 15, 2026

CVE, Research URL: CVE-2026-1944
Home page URL: Security reports for CallbackKiller service widget
Application: CallbackKiller service widget
Date: Feb 14, 2026
Research Description: The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbk_save() function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settings via the 'cbk_save_v1' AJAX action.
Affected versions: max 1.2.
Status: vulnerable