Mass unauthenticated account takeover in WordPress plugins leads critical week
Executive Summary
Overview
This week's feed logged 1728 vulnerabilities, including 190 critical and 668 high-severity issues, with no entries on CISA's Known Exploited Vulnerabilities catalog. Public proof-of-concept code exists for 131 of these flaws, while 308 critical- and high-severity vulnerabilities remain unpatched. The top findings are dominated by unauthenticated account takeover in two WordPress plugins (CVE-2026-12417, CVE-2026-12416) and remote code execution across Feast, Gitea act_runner, Flowise, and FOSSBilling, several with available exploit code and no vendor patch.
Critical Threats
- CVE-2026-12417 (CRITICAL, CVSS 9.8) — Unauthenticated account takeover in the WordPress SignUp & SignIn plugin (versions ≤ 1.0.0) allows remote attackers to reset any user's password, including administrators, via the unauthenticated
pravel_change_passwordAJAX action. Public exploit code available; no vendor-released patch identified. - CVE-2026-12416 (CRITICAL, CVSS 9.8) — WordPress Invoice Generator plugin (versions through 1.0.0) account takeover via unauthenticated password reset. Public exploit code available; no vendor-released patch identified. Unauthenticated remote attackers can reset any user's password, including administrators.
- CVE-2026-58053 (CRITICAL, CVSS 9.4) — Gitea act_runner container escape via Docker backend (through act 0.262.0) allows an authenticated user with workflow-execution rights to break out to the host as root even when privileged mode is disabled. Public exploit code available.
- CVE-2026-56121 (CRITICAL, CVSS 9.3) — Remote code execution in Python/Feast (open-source ML feature store) before 0.63.0; unauthenticated remote attackers can execute OS commands as the feast service account via a crafted ApplyFeatureView gRPC request to the registry server. Public exploit code available; upstream fix available (PR/commit).
- CVE-2026-28496 (CRITICAL, CVSS 9.4) — FOSSBilling server-side template injection allowing authenticated administrators to execute arbitrary code via Twig expressions in template-rendering features. Public exploit code available; no vendor-released patch identified.
- CVE-2026-56786 (CRITICAL, CVSS 9.3) — RTKLIB out-of-bounds write in
decode_type1033affecting all versions through 2.4.3, where unclamped length counters allow overflow into fixed descriptor fields when parsing RTCM3 type-1033 messages. Public exploit code available; no vendor-released patch identified. - CVE-2026-54069 (CRITICAL, CVSS 9.2) — Google/SiYuan Note origin-validation bypass allows any installed Chrome/Chromium browser extension to obtain administrator access to the local kernel HTTP server. Public exploit code available; vendor-released patch: 3.7.0.
- CVE-2026-56274 (HIGH, CVSS 8.7) — Flowise remote code execution via incomplete command validation in the Custom MCP Server feature allows any authenticated user with chatflow view/update permissions to run arbitrary OS commands on the host. Public exploit code available; vendor-released patch: 3.1.2.
Threat Landscape
Most-affected vendors: Linux (414), WordPress (115), Suse (54), Microsoft (53), Google (46).
Most common attack techniques: Information Disclosure (585), Authentication Bypass (312), Denial Of Service (229), XSS (149), Buffer Overflow (137).
Patch coverage: 1114 of 1728 CVEs have a patch; 308 Critical/High remain unpatched.
Key Trends
- Volume is 12% down week-over-week (1968 → 1728 CVEs).
- 131 CVEs have public exploit code.
Top 8 Priority CVEs
Unauthenticated account takeover in the SignUp & SignIn WordPress plugin (versions ≤ 1.0.0) allows remote attackers to reset any user's password - including administrators - via the unauthenticated `pravel_change_password` AJAX action. No public exploit identified at time of analysis, but the trivially-bypassable empty-string comparison and AV:N/AC:L/PR:N/UI:N vector make exploitation essentially one HTTP request. The plugin's small footprint likely keeps EPSS low, but any site running it is fully exposed.
Account takeover in the Invoice Generator WordPress plugin (versions through 1.0.0) allows unauthenticated remote attackers to reset the password of any user, including administrators, by abusing the nopriv `pravel_invoice_change_password()` AJAX handler. Reported by Wordfence with a CVSS of 9.8 and tagged for RCE potential via subsequent admin compromise; no public exploit identified at time of analysis, though the trivial nature of the bug makes weaponization straightforward.
Container escape in Gitea act_runner (Docker backend, through act 0.262.0) lets an authenticated user with workflow-execution rights break out to the host as root even when privileged mode is disabled. The runner passes a workflow's container.options string straight into the Docker job container's HostConfig and only forces the Privileged flag off, leaving dangerous options like --pid=host, --cap-add, and --security-opt intact. Publicly available exploit code exists (reported by VulnCheck), though it is not listed in CISA KEV.
Remote code execution in Feast (the open-source ML feature store) before 0.63.0 lets remote attackers run OS commands as the feast service account by sending a crafted ApplyFeatureView gRPC request to the registry server. The registry base64-decodes the user_defined_function.body field of an OnDemandFeatureView and passes it to dill.loads() before any authorization check, so no credentials are required. A publicly available exploit code exists (reported by VulnCheck via huntr) and a vendor patch is available, though the flaw is not listed in CISA KEV.
Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arbitrary code and disclose sensitive information by injecting Twig expressions into template-rendering features. The unsandboxed Twig environment exposes the application's dependency injection container, turning any admin-accessible template surface into a full RCE primitive. No public exploit identified at time of analysis, but a related auth-bypass chain (GHSA-78x5-c8gw-8279) is documented by VulnCheck and could lower the practical privilege bar.
Out-of-bounds write in RTKLIB's decode_type1033 function affects all versions through 2.4.3, where unclamped length counters allow up to a 191-byte overflow into fixed 64-byte descriptor fields when parsing an RTCM3 type-1033 message. An attacker who controls an NTRIP or serial RTCM3 correction stream can deliver a CRC-valid crafted message to corrupt adjacent rtcm_t members, potentially achieving arbitrary code execution or denial of service. Publicly available exploit code exists (reported by VulnCheck), though there is no public exploit identified as actively exploited in CISA KEV.
Origin-validation bypass in SiYuan Note (open-source personal knowledge management) before 3.7.0 lets any installed Chrome/Chromium browser extension obtain RoleAdministrator access to the local kernel HTTP server at 127.0.0.1:6806. Because the kernel unconditionally trusts all chrome-extension:// origins and desktop installs ship with an empty AccessAuthCode by default, a malicious or supply-chain-compromised extension can issue fully authenticated admin API calls with no further authentication, enabling data exfiltration, stored XSS injection, and configuration tampering. Publicly available exploit code exists; there is no public exploit identified as actively exploited.
Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update permissions) to abuse the Custom MCP Server feature and run arbitrary OS commands on the host. The validateCommandFlags blocklist and validateArgsForLocalFileAccess regex are incomplete - for example 'docker build' is permitted and 'npx --yes' is permitted while only '-y' is blocked - letting attackers point Flowise at a hostile Dockerfile or local script to achieve full host compromise. Publicly available exploit code exists (the GHSA advisory ships a reproduction), though there is no public exploit identified at time of analysis in CISA KEV.