CVE Disclosure · WordPress Plugin Ecosystem

CVE-2026-2717

HTTP Headers

CRLF injection

CVSS5.5

SeverityMedium

ClassCRLF injection

TrackWordPress Plugin Ecosystem

Summary

CVE-2026-2717 is a medium-severity vulnerability (CVSS 5.5) affecting HTTP Headers. The issue is classified as CRLF injection, part of the WordPress Plugin Ecosystem disclosure track on this site.

References

Authoritative sources and PoC material:

NVD↗MITRE↗PoC repo↗

Disclosure

Reporter: Kai Aizen (snailsploit)
Coordination: Vendor + MITRE/NVD
Status: Disclosed · CVE assigned · entry public on NVD
Track: WordPress Plugin Ecosystem

About this writeup

Detailed exploitation analysis, root-cause walkthrough, and remediation guidance for this finding live in the PoC repository. For broader methodology see services and research.

Author

Kai Aizen

Independent offensive security researcher. 23 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.

about services github x linkedin researchgate