PatchSiren cyber security CVE debrief
CVE-2026-42411 XServer CVE debrief
CVE-2026-42411 is a HIGH severity vulnerability (CVSS Score: 8.1) in the CloudSecure WP Security plugin versions <= 1.4.7. The vulnerability is caused by unauthenticated broken authentication. The CVE was published on 2026-06-15T21:16:54.357Z and last modified on 2026-06-15T21:24:32.790Z.
- Vendor
- XServer
- Product
- CloudSecure WP Security
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of CloudSecure WP Security plugin versions <= 1.4.7 should apply patches or mitigations as soon as possible to prevent exploitation.
Technical summary
The vulnerability has a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and is classified under CWE-288. It was reported by [email protected].
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to CloudSecure WP Security plugin versions <= 1.4.7.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/cloudsecure-wp-security/vulnerability/wordpress-cloudsecure-wp-security-plugin-1-4-7-broken-authentication-vulnerability?_s_id=cve) for mitigation or more
Evidence notes
The CVE record can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-42411) and NVD details at [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-42411).
Official resources
-
CVE-2026-42411 CVE record
CVE.org
-
CVE-2026-42411 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42411 was published on 2026-06-15T21:16:54.357Z and last modified on 2026-06-15T21:24:32.790Z.