{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T11:35:47.343","vulnerabilities":[{"cve":{"id":"CVE-2026-3906","sourceIdentifier":"security@wordfence.com","published":"2026-03-11T10:16:14.217","lastModified":"2026-04-22T21:27:27.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API `create_item_permissions_check()` method in the comments controller did not verify that the authenticated user has `edit_post` permission on the target post when creating a note. This makes it possible for authenticated attackers with Subscriber-level access to create notes on any post, including posts authored by other users, private posts, and posts in any status."},{"lang":"es","value":"El núcleo de WordPress es vulnerable a acceso no autorizado en las versiones 6.9 a 6.9.1. La función de Notas (anotaciones de colaboración a nivel de bloque) se introdujo en WordPress 6.9 para permitir comentarios editoriales directamente en las publicaciones en el editor de bloques. Sin embargo, el método `create_item_permissions_check()` de la API REST en el controlador de comentarios no verificó que el usuario autenticado tuviera permiso `edit_post` en la publicación objetivo al crear una nota. Esto hace posible que atacantes autenticados con acceso de nivel de Suscriptor creen notas en cualquier publicación, incluyendo publicaciones creadas por otros usuarios, publicaciones privadas y publicaciones en cualquier estado."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php#L562","source":"security@wordfence.com"},{"url":"https://core.trac.wordpress.org/changeset/61888","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a69782f0-aa61-4049-8339-7f27f4b6c36b?source=cve","source":"security@wordfence.com"}]}}]}