PatchSiren

umarbajwa CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM umarbajwa CVE published 2026-07-16

CVE-2026-12409

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the ulpb_admin_ajax function. The vulnerability allows unauthenticated attackers to create, update, retitle, or change the post status, slug, and type of arbitrary posts and write ULPB_DAT [truncated]