MEDIUM
solacewp
CVE published 2026-07-11
CVE-2026-13250
The Solace Extra plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 1.5.3. This allows unauthenticated attackers to permanently delete content previously imported via the Starter Template feature, including posts, pages, media attachments, WooCommerce products, taxonomy terms, and sitebuilder templates. The vulnerability is due to improper verification of us [truncated]