PatchSiren

solacewp CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM solacewp CVE published 2026-07-11

CVE-2026-13250

The Solace Extra plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 1.5.3. This allows unauthenticated attackers to permanently delete content previously imported via the Starter Template feature, including posts, pages, media attachments, WooCommerce products, taxonomy terms, and sitebuilder templates. The vulnerability is due to improper verification of us [truncated]