WP Adminify Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing unauthorized access to sensitive information has been identified in the WP Adminify plugin for WordPress, affecting all versions through 4.0.7.7. This vulnerability arises from the '/wp-json/adminify/v1/get-addons-list' REST API endpoint, which is accessible without authentication. The endpoint exposes a complete list of available addons, including their installation status, version numbers, and download URLs.

Impact

Exploitation of this vulnerability allows for unauthorized users to access sensitive information about installed addons, potentially leading to unauthorized modifications or actions related to those addons.

Remediation

Users are advised to update the WP Adminify plugin to version 4.0.7.8 or later.

Added: Jan 28, 2026, 3:24 PM
Updated: Jan 28, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
0.6
exploitability
9.0
remediation
7.7
relevance
1.5
threat
3.2
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.