CVE-2026-8073 | themeum Kirki Plugin up to 6.0.6 on WordPress downloadZIP path traversal

A vulnerability marked as problematic has been reported in themeum Kirki Plugin up to 6.0.6 on WordPress. This vulnerability affects the function downloadZIP. The manipulation leads to relative path traversal.

This vulnerability is uniquely identified as CVE-2026-8073. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More