Validation Bypass in XML-RPC API of WordPress Plugin
CVE-2026-44961
Currently unrated
What is CVE-2026-44961?
A vulnerability in the XML-RPC API's addUser method allows improper validation of user input, enabling unauthorized creation of usernames. This flaw, introduced in previous fixes, permits API users to perform impersonation and conduct stored XSS attacks. Security measures to validate user input have been enhanced, addressing the previously missing validation layer.
Affected Version(s)
Adserver 0 <= 6.0.6