cleantalk
Vulnerabilities and Security Researches

CallbackKiller service widget, CVE-2026-1944

CVE, Research URL

CVE-2026-1944

Home page URL

Security reports for CallbackKiller service widget

Application

CallbackKiller service widget

Published on
Feb 14, 2026
Research Description
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbk_save() function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settings via the 'cbk_save_v1' AJAX action.
Affected versions
max 1.2.
Status
vulnerable
Previous vulnerability researches
CallbackKiller service widget (CVE-2026-1944) , Apr 15, 2026
New vulnerability
Collect.chat – Chatbot ⚡️ (CVE-2026-0736) , Apr 15, 2026
SQL Chart Builder (CVE-2026-4079) , Apr 15, 2026
FastDup – Fastest WordPress Migration & Duplicator (CVE-2026-1104) , Apr 15, 2026
Timeline Block (CVE-2026-1228) , Apr 15, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-3180) , Apr 15, 2026