Overview
Cisco has released a security advisory addressing a high-severity vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). This vulnerability is due to improper input validation and could allow an unauthenticated, remote attacker to perform server-side request forgery (SSRF) attacks through affected devices.
- CVE-2026-20230: Server-Side Request Forgery Vulnerability (CVSSv3 8.6). Affected versions: All versions of Cisco Unified CM and Unified CM SME with the WebDialer service enabled.
Wordfence has released multiple security advisories addressing critical vulnerabilities in the Tobias WebinarIgnition and the Kirki WordPress plugins. These vulnerabilities are unauthenticated privilege escalation flaws in WordPress plugins that allow attackers to manipulate account recovery or input handling mechanisms to gain elevated access. Successful exploitation could lead to administrator account takeover, potentially leading to full site compromise, including data theft, site modification, or deployment of malware.
- CVE-2026-8206: Unauthenticated Privilege Escalation Vulnerability In The Kirki WordPress Plugin (CVSSv3 9.8). Affected versions: 6.0.0 <= 6.0.6
- CVE-2026-42758: Unauthenticated Privilege Escalation Vulnerability In The Tobias WebinarIgnition WordPress Plugin (CVSSv3 9.8). Affected versions: < 4.08.253
Ivanti has released a security advisory addressing a high-severity vulnerability. This is an improper access control vulnerability in Ivanti Neurons for ITSM that allows a remote, authenticated attacker with low privileges to escalate to full administrative access. Exploitation could enable complete compromise of the ITSM environment, allowing attackers to access sensitive data, modify system configurations, and disrupt critical service management operations.
- CVE-2026-9614: Improper Access Control Vulnerability (CVSSv3 8.8). Affected versions: Ivanti Neurons for ITSM (On-Premises) <= 2025.1, Ivanti Neurons for ITSM (Cloud) <= 2026.1
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
- Cisco – Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
- Wordfence – WordPress Vulnerability Database
- Ivanti – Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.