cleantalk
Vulnerabilities and Security Researches

Emailchef, CVE-2026-1930

CVE, Research URL

CVE-2026-1930

Home page URL

Security reports for Emailchef

Application

Emailchef

Published on
Apr 22, 2026
Research Description
The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's settings via the 'emailchef_disconnect' AJAX action.
Affected versions
max 3.5.2.
Status
vulnerable
Previous vulnerability researches
Team – WordPress Team Members Showcase Plugin (CVE-2025-57975) , Apr 23, 2026
Team – WordPress Team Members Showcase Plugin (CVE-2026-25026) , Mar 30, 2026
Team – WordPress Team Members Showcase Plugin (CVE-2026-32396) , Mar 30, 2026
Team – WordPress Team Members Showcase Plugin (CVE-2024-9236) , May 19, 2025
Team – WordPress Team Members Showcase Plugin (CVE-2025-14124) , Jan 09, 2026
New vulnerability
Gallery with thumbnail slider (CVE-2025-5092) , Apr 24, 2026
Featured Post Creative (CVE-2026-6443) , Apr 24, 2026
Google PageRank Display (CVE-2026-6294) , Apr 24, 2026
Ni WooCommerce Order Export (CVE-2026-4140) , Apr 24, 2026
Slider Bootstrap Carousel (CVE-2026-4076) , Apr 24, 2026