{"id":8632,"date":"2026-06-17T11:23:32","date_gmt":"2026-06-17T11:23:32","guid":{"rendered":"https:\/\/locaterisk.com\/de\/?p=8632"},"modified":"2026-06-17T14:43:47","modified_gmt":"2026-06-17T14:43:47","slug":"cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/fr\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/","title":{"rendered":"CVE-2026-25470 : Vuln\u00e9rabilit\u00e9 critique dans le plugin WordPress ACPT (CVSS 10.0)"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\r\n    <div class=\"content\">\r\n\t\t<div class=\"headline\">\r\n\t\t\t<button class=\"to-blog-button\">Retour au blog                <a href=\"https:\/\/locaterisk.com\/fr\/blog\/\"><\/a>\r\n\t\t\t<\/button>\r\n\t\t\t\t\t<\/div>\r\n        <div class=\"main-content\">\r\n\t\t\t\t\t\t<!--\r\n            <div class=\"header\">\r\n                <h6> <\/h6>\r\n            <\/div>\r\n\t\t\t\t\t\t-->\r\n            <h1 class=\"title\">CVE-2026-25470 : Vuln\u00e9rabilit\u00e9 critique dans le plugin WordPress ACPT (CVSS 10.0)<\/h1>\r\n            <p class=\"paragraph\"><br>Le 16 juin 2026, une vuln\u00e9rabilit\u00e9 critique a \u00e9t\u00e9 d\u00e9couverte dans le plugin WordPress \u201e ACPT (Pro) \u2013 Custom Post Types \u201c, sous le num\u00e9ro d'identification <strong>CVE-2026-25470<\/strong> (qui ne figurait pas encore dans le catalogue NVD au moment de la publication) a \u00e9t\u00e9 rendue publique. Cette vuln\u00e9rabilit\u00e9 se voit attribuer le score CVSS maximal de <strong>10.0<\/strong> est consid\u00e9r\u00e9e comme critique et permet \u00e0 des attaquants d'ex\u00e9cuter du code arbitraire sans authentification (ex\u00e9cution de code \u00e0 distance, RCE). Toutes les versions du plugin jusqu'\u00e0 et y compris <strong>2.0.47<\/strong> sont concern\u00e9s, ce qui repr\u00e9sente un risque de s\u00e9curit\u00e9 consid\u00e9rable pour les exploitants des sites web concern\u00e9s.<\/p>\r\n        <\/div>\r\n    <\/div>\r\n<\/div>\r\n\r\n\r\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"400\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured.png\" alt=\"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0)\" class=\"wp-image-8634\" srcset=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured.png 400w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured-300x300.png 300w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured-150x150.png 150w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured-12x12.png 12w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>Analyse technique de la vuln\u00e9rabilit\u00e9<\/strong><\/h2>\n\n\n\n<p>Cette vuln\u00e9rabilit\u00e9 est d\u00e9sign\u00e9e sous le nom de <strong>CWE-94 (Contr\u00f4le inad\u00e9quat de la g\u00e9n\u00e9ration de code)<\/strong>, \u00e9galement connue sous le nom d\u2019\u00ab injection de code \u00bb. Elle permet \u00e0 un attaquant distant non authentifi\u00e9 d\u2019injecter son propre code directement dans le contexte du serveur web et de l\u2019ex\u00e9cuter. Cela permet de prendre le contr\u00f4le total de l\u2019instance WordPress. La description technique compl\u00e8te se trouve dans le <a href=\"https:\/\/patchstack.com\/database\/wordpress\/plugin\/advanced-custom-post-type\/vulnerability\/wordpress-acpt-pro-custom-post-types-plugin-for-wordpress-plugin-2-0-47-remote-code-execution-rce-vulnerability?_s_id=cve\" target=\"_blank\" rel=\"noreferrer noopener\">Avis Patchstack<\/a> consultable.<\/p>\n\n\n\n<p>Le vecteur CVSS <strong>CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H<\/strong> d\u00e9crit la nature critique du probl\u00e8me. Les principaux param\u00e8tres sont expliqu\u00e9s ci-dessous :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AV:N (Vecteur d'attaque : R\u00e9seau) :<\/strong> L'attaque peut \u00eatre lanc\u00e9e via Internet.<\/li>\n\n\n\n<li><strong>AC:L (Complexit\u00e9 de l'attaque : faible) :<\/strong> Aucune pr\u00e9paration complexe n'est n\u00e9cessaire pour mener une attaque r\u00e9ussie.<\/li>\n\n\n\n<li><strong>PR:N (Privil\u00e8ges requis : aucun) :<\/strong> L'attaquant n'a besoin ni d'identifiants ni d'autorisations existantes.<\/li>\n\n\n\n<li><strong>UI:N (Interaction utilisateur : Aucune) :<\/strong> Une attaque ne n\u00e9cessite aucune interaction de la part de l'utilisateur.<\/li>\n\n\n\n<li><strong>S:C (Port\u00e9e : modifi\u00e9e) :<\/strong> L'attaquant peut, via le plugin WordPress, compromettre d'autres ressources du serveur web ou du syst\u00e8me d'exploitation sous-jacent.<\/li>\n<\/ul>\n\n\n\n<p>Cette d\u00e9couverte est attribu\u00e9e au chercheur en s\u00e9curit\u00e9 Jarno Vos, qui a signal\u00e9 le probl\u00e8me via le programme de prime aux bogues de Patchstack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Cons\u00e9quences sur la s\u00e9curit\u00e9 de l'entreprise et la conformit\u00e9<\/strong><\/h2>\n\n\n\n<p>Une exploitation r\u00e9ussie de la vuln\u00e9rabilit\u00e9 CVE-2026-25470 peut entra\u00eener la compromission de l'ensemble du site web. Cela peut notamment entra\u00eener le vol de donn\u00e9es sensibles issues de la base de donn\u00e9es (par exemple, des donn\u00e9es clients), la propagation de logiciels malveillants ou l\u2019int\u00e9gration du site web dans un r\u00e9seau de zombies. De tels incidents constituent non seulement un risque technique, mais aussi un risque en mati\u00e8re de conformit\u00e9. Dans le cadre de r\u00e9glementations telles que <strong>NIS-2<\/strong> ou des certifications conformes \u00e0 <strong>ISO 27001<\/strong> Les organisations sont tenues de mettre en place une gestion efficace des vuln\u00e9rabilit\u00e9s et de r\u00e9agir rapidement aux menaces critiques.<\/p>\n\n\n\n<p>Pour les organisations situ\u00e9es en Allemagne, en Autriche et en Suisse, cela entra\u00eene en outre des obligations juridiques concr\u00e8tes : si l'exploitation de cette faille entra\u00eene une fuite de donn\u00e9es \u00e0 caract\u00e8re personnel, la <strong>Obligation de notification au titre du RGPD, conform\u00e9ment \u00e0 l'article 33<\/strong>: Les responsables doivent signaler l'incident dans un d\u00e9lai de <strong>72 heures<\/strong> le signaler \u00e0 l'autorit\u00e9 comp\u00e9tente en mati\u00e8re de protection des donn\u00e9es. Les exploitants d'infrastructures essentielles ou importantes au sens de la <strong>Directive NIS 2<\/strong> sont en outre tenus de signaler sans d\u00e9lai tout incident de s\u00e9curit\u00e9 majeur et de mettre en place des mesures de protection appropri\u00e9es. Le BSI recommande en principe de d\u00e9sactiver imm\u00e9diatement les plugins non mis \u00e0 jour pr\u00e9sentant un score CVSS critique, jusqu\u2019\u00e0 ce qu\u2019un correctif officiel du fabricant soit disponible.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Mesures d'urgence recommand\u00e9es<\/strong><\/h2>\n\n\n\n<p>Au moment de la publication, le 16 juin 2026, la situation \u00e9tait la suivante : <strong>pas de correctif de s\u00e9curit\u00e9 officiel<\/strong> par l'\u00e9diteur du plugin. Il n'existe actuellement aucune version corrig\u00e9e du plugin ACPT ; d\u00e8s qu'une version corrig\u00e9e sera disponible, une mise \u00e0 jour imm\u00e9diate sera n\u00e9cessaire. Il est donc vivement recommand\u00e9 aux administrateurs de mettre en \u0153uvre la mesure suivante :<\/p>\n\n\n\n<p><strong>Recommandation principale : d\u00e9sactiver le plugin<\/strong> La m\u00e9thode la plus s\u00fbre pour minimiser les risques consiste \u00e0 d\u00e9sactiver et \u00e0 d\u00e9sinstaller imm\u00e9diatement le plugin ACPT sur tous les syst\u00e8mes WordPress. Cela permet de supprimer compl\u00e8tement le composant vuln\u00e9rable de l'environnement du syst\u00e8me.<\/p>\n\n\n\n<p>Pour les clients du prestataire de services de s\u00e9curit\u00e9 Patchstack, un correctif virtuel (vPatch) est disponible, \u00e0 condition que Patchstack l'ait fourni pour cette vuln\u00e9rabilit\u00e9 CVE ; celui-ci permet de bloquer la tentative d'attaque au niveau du pare-feu d'application web (WAF). Cette solution ne doit toutefois \u00eatre consid\u00e9r\u00e9e que comme une mesure provisoire, en attendant la publication d'une version officiellement corrig\u00e9e du plugin.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Assurer la transparence de la surface d'attaque avec LocateRisk<\/strong><\/h2>\n\n\n\n<p>Des vuln\u00e9rabilit\u00e9s telles que CVE-2026-25470 montrent \u00e0 quelle vitesse un simple composant non corrig\u00e9 peut devenir une faille dans l'ensemble d'une infrastructure num\u00e9rique, en particulier lorsque les installations WordPress en entreprise se sont multipli\u00e9es au fil du temps et n'ont plus fait l'objet d'un inventaire complet.<\/p>\n\n\n\n<p>Le site <strong>Gestion de la surface d'attaque externe (EASM)<\/strong>La plateforme de LocateRisk automatise la collecte et l'\u00e9valuation en continu de tous les syst\u00e8mes informatiques accessibles depuis l'ext\u00e9rieur. Elle identifie les installations WordPress accessibles au public, y compris celles qui ont \u00e9t\u00e9 oubli\u00e9es au fil du temps ou qui sont g\u00e9r\u00e9es par des agences externes sans documentation centralis\u00e9e, et d\u00e9tecte, gr\u00e2ce \u00e0 des m\u00e9thodes d\u2019empreinte num\u00e9rique, les plugins utilis\u00e9s tels que ACPT. Les \u00e9quipes de s\u00e9curit\u00e9 informatique disposent ainsi d\u2019une vue d\u2019ensemble rapide et pr\u00e9cise des syst\u00e8mes affect\u00e9s par une vuln\u00e9rabilit\u00e9 critique avant m\u00eame qu\u2019un incident de s\u00e9curit\u00e9 ne se produise.<\/p>\n\n\n\n<p>LocateRisk fait office de syst\u00e8me d'alerte pr\u00e9coce num\u00e9rique : au lieu de devoir v\u00e9rifier manuellement des dizaines d'instances, les RSSI et les \u00e9quipes informatiques voient d'un seul coup d'\u0153il quels syst\u00e8mes sont concr\u00e8tement affect\u00e9s par la vuln\u00e9rabilit\u00e9 CVE-2026-25470 et peuvent prendre des mesures correctives avant que les pirates n'exploitent cette faille.<\/p>\n\n\n\n<p>Si des prestataires externes ou des agences g\u00e8rent des installations WordPress pour le compte de votre entreprise, cela engendre un risque suppl\u00e9mentaire li\u00e9 aux fournisseurs : la s\u00e9curit\u00e9 de votre pr\u00e9sence num\u00e9rique d\u00e9pend alors \u00e9galement de la gestion des correctifs par des tiers. Avec <strong>Gestion continue des risques li\u00e9s aux fournisseurs (C-VRM)<\/strong> LocateRisk facilite l'\u00e9valuation automatis\u00e9e de la s\u00e9curit\u00e9 de ces prestataires et assure la transparence sur les risques pr\u00e9sents dans la cha\u00eene d'approvisionnement num\u00e9rique. La plateforme LocateRisk est h\u00e9berg\u00e9e dans des centres de donn\u00e9es allemands et aide les organisations \u00e0 se conformer aux exigences du RGPD.<\/p>\n\n\n\n<p><br><br>Sources et informations compl\u00e9mentaires<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Sources et informations compl\u00e9mentaires<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Patchstack (source principale) :<\/strong> <a href=\"https:\/\/patchstack.com\/database\/wordpress\/plugin\/advanced-custom-post-type\/vulnerability\/wordpress-acpt-pro-custom-post-types-plugin-for-wordpress-plugin-2-0-47-remote-code-execution-rce-vulnerability?_s_id=cve\" target=\"_blank\" rel=\"noreferrer noopener\">Plugin WordPress ACPT (Pro) 2.0.47 \u2013 Vuln\u00e9rabilit\u00e9 d'ex\u00e9cution de code \u00e0 distance (RCE)<\/a><\/li>\n\n\n\n<li><strong>Wordfence Threat Intelligence :<\/strong> <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/advanced-custom-post-type\/acpt-pro-custom-post-types-plugin-for-wordpress-2047-unauthenticated-remote-code-execution\" target=\"_blank\" rel=\"noreferrer noopener\">ACPT (Pro) &lt;= 2.0.47 - Ex\u00e9cution de code \u00e0 distance sans authentification<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Connaissez-vous votre surface d'attaque externe ?<\/strong><\/h2>\n\n\n\n<p>LocateRisk identifie en continu et de mani\u00e8re automatis\u00e9e vos syst\u00e8mes informatiques externes et \u00e9value leur niveau de s\u00e9curit\u00e9. Obtenez une vision claire de vos actifs expos\u00e9s.<\/p>\n\n\n\n<p><a href=\"https:\/\/locaterisk.com\/fr\/demo\/\" target=\"_blank\" rel=\"noreferrer noopener\">Demander un contr\u00f4le de s\u00e9curit\u00e9 gratuit<\/a><\/p>\n\n\n\n<div class=\"wp-block-lr-faq-module\"><div class=\"content\"><h3><strong>Questions fr\u00e9quentes<\/strong><\/h3><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Qu'est-ce que le CVE-2026-25470 ?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">CVE-2026-25470 est une vuln\u00e9rabilit\u00e9 critique (CVSS 10.0) dans le plugin WordPress \u201e ACPT (Pro) \u2013 Custom Post Types \u201c, class\u00e9e sous le code CWE-94 (injection de code). Elle permet \u00e0 des attaquants d\u2019injecter du code malveillant via le r\u00e9seau afin de prendre le contr\u00f4le total du serveur web (changement de p\u00e9rim\u00e8tre). La vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 rendue publique le 16 juin 2026 par le programme de prime aux bogues Patchstack.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Quelles versions du plugin ACPT sont concern\u00e9es, et existe-t-il d\u00e9j\u00e0 un correctif ?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Toutes les versions du plugin jusqu'\u00e0 et y compris <strong>2.0.47<\/strong> sont concern\u00e9s par cette vuln\u00e9rabilit\u00e9. \u00c0 la date de publication (16 juin 2026), <strong>pas de correctif officiel<\/strong> fourni par le fabricant. Il est recommand\u00e9 de d\u00e9sactiver et de d\u00e9sinstaller imm\u00e9diatement le plugin jusqu'\u00e0 ce qu'une version corrig\u00e9e soit disponible.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Comment les administrateurs peuvent-ils prot\u00e9ger leur installation WordPress en l'absence de correctif disponible ?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">La recommandation principale est de d\u00e9sactiver et de d\u00e9sinstaller imm\u00e9diatement le plugin ACPT. Les clients de Patchstack peuvent, dans la mesure o\u00f9 un correctif virtuel (vPatch) correspondant \u00e0 cette vuln\u00e9rabilit\u00e9 CVE a \u00e9t\u00e9 mis \u00e0 disposition, activer une protection temporaire au niveau du WAF. Celle-ci ne remplace toutefois pas le correctif officiel du fabricant et ne doit \u00eatre utilis\u00e9e qu\u2019\u00e0 titre de mesure provisoire.<\/p><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-lr-contact-post-module\">\n\t<div id=\"lr-contact-form\" class=\"wp-block-lr-contact-post-module\">\n\t\t<div id=\"formular\" class=\"content\">\n\t\t\t<div class=\"inner-content\">\n\t\t\t\t<div class=\"column-2 feature-mode\">\n\t\t\t\t\t<h2><br>Demandez maintenant une D\u00e9mo en direct personelle<\/h2>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<p class=\"margin-b-36\">Identifiez et r\u00e9duisez vos cyber-risques gr\u00e2ce \u00e0 un aper\u00e7u comparable et compr\u00e9hensible de votre s\u00e9curit\u00e9 informatique. Demandez conseil \u00e0 nos experts et d\u00e9couvrez comment LocateRisk peut vous aider \u00e0 r\u00e9soudre vos cyber-risques.<\/p>\n\t\t\t\t\t\t\t<\/div>\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div> \n\t\t\t\t<div class=\"column-2\">\n\t\t\t\t\t<form action=\"\" class=\"form\" method=\"post\" role=\"form\" novalidate data-trp-original-action=\"\">\n\t\t\t\t\t\t<input type=\"text\" id=\"successmessage\" name=\"successmessage\" value=\"Ihre Registrierung war erfolgreich Ihre Anfrage wurde erfolgreich versendet. Wir haben Ihnen soeben eine Best\u00e4tigungsmail mit einem Aktivierungs-Link zugesendet, um einem Missbrauch Ihrer E-Mail Adresse durch Dritte vorzubeugen. Die Mail wird von sales@locaterisk.com versendet und sollte sich i n wenigen Minuten in Ihrem Posteingang finden.\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"errormessage\" name=\"errormessage\" value=\"Da ist wohl etwas schief gelaufen. Bitte probieren Sie es erneut oder nehmen Sie direkt mit uns Kontakt auf\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"slug\" name=\"slug\" value=\"cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\" hidden>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"name\"\n\t\t\t\t\t\t\t\tname=\"name\"\n\t\t\t\t\t\t\t\tplaceholder=\"Pr\u00e9nom\"\n\t\t\t\t\t\t\t\trequired\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"surname\"\n\t\t\t\t\t\t\t\tname=\"surname\"\n\t\t\t\t\t\t\t\tplaceholder=\"Nom\"\n\t\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"email\"\n\t\t\t\t\t\t\tid=\"email\"\n\t\t\t\t\t\t\tname=\"email\"\n\t\t\t\t\t\t\tplaceholder=\"Courrier \u00e9lectronique\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\tid=\"phone\"\n\t\t\t\t\t\t\tname=\"phone\"\n\t\t\t\t\t\t\tplaceholder=\"T\u00e9l\u00e9phone\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<h6 class=\"error-message\" hidden>...<\/h6>\n\t\t\t\t\t\t<div class=\"checkbox_container\">\n\t\t\t\t\t\t\t<div class=\"checkbox\">\n\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\t\ttype=\"checkbox\"\n\t\t\t\t\t\t\t\t\tid=\"checkbox\"\n\t\t\t\t\t\t\t\t\tname=\"checkbox\" \/>\n\n\t\t\t\t\t\t\t\t<label for=\"checkbox\"><\/label>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<p>je suis d'accord avec <a href=\"https:\/\/locaterisk.com\/fr\/datenschutz\/\">politique de confidentialit\u00e9.<\/a> confidentialit\u00e9<\/p> \n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t<div class=\"g-recaptcha\" data-sitekey=\"6LdErNoZAAAAAD1Re2jNxtDFfcDaL9iED5MRBzjR\" data-callback=\"verifyRecaptchaCallback\" data-expired-callback=\"expiredRecaptchaCallback\"><\/div>\n\t\t\t\t\t<input type=\"hidden\" name=\"g-recaptcha-response\" data-recaptcha \/>\n\n\t\t\t\t\t\t<button class=\"lr-button-link\" type=\"submit\"> Demander une d\u00e9mo<\/button>\n\t\t\t\t\t<input type=\"hidden\" name=\"trp-form-language\" value=\"fr\"\/><\/form>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\t\n\t<\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-lr-contact-module\"><div class=\"content\"><h2>En savoir plus, r\u00e9server une d\u00e9mo ou simplement \u00e9changer quelques mots ? Nous nous en r\u00e9jouissons !<\/h2><div class=\"contact-info-row\"><div class=\"contact-person-info\"><div class=\"avatar\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/06\/Lukas_Baumann_LocateRisk-300.png\"><\/div><p><span class=\"text before\">Votre Contact<\/span><span class=\"bold name\"><strong>Lukas<\/strong><\/span> <span class=\"lastname\"><strong>Baumann<strong><\/strong><\/strong><\/span><strong><strong><span class=\"separator\"><\/span><span class=\"role\">PDG<\/span><\/strong><\/strong><\/p><\/div><p class=\"bold phone\"><strong><strong>+49 6151 6290246<\/strong><\/strong><\/p><strong><strong><a class=\"pr-1\" href=\"mailto: sales@locaterisk.com\">Contactez-nous maintenant<\/a><\/strong><\/strong><\/div><\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-lr-footer-module lr-footer-block\"><div class=\"content\"><div class=\"column0\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/assets\/img\/lr-logo.svg\"\/><\/div><div class=\"categories\"><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/locaterisk.com\/fr\/\">Accueil<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/blog\/\">Blog<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/about\/\">par rapport \u00e0 nous<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/kontakt\/\">Contact<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/impressum\/\">mentiones l\u00e9gales<\/a><\/div><div class=\"categories-break\"><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/datenschutz\/\">Confidentialit\u00e9<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/agb.pdf\">CONDITIONS G\u00c9N\u00c9RALES DE VENTE<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/jobs\/\">Carri\u00e8re<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/sec-information.pdf\">s\u00e9curit\u00e9<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/app.secfix.com\/trust\/locaterisk\/d1e7d433b33643aea1880bfbfeab9f60\">Centre de confiance<\/a><\/div><\/div><div class=\"social\"><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/company\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/10\/gruppe-230@3x.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.instagram.com\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Instagram.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/twitter.com\/locaterisk\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/twitter.png\"\/><\/a><\/div><\/div><div class=\"description\"><h6>\u00a9 LocateRisk 2026<\/h6><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Analyse de la vuln\u00e9rabilit\u00e9 critique CVE-2026-25470 (CVSS 10.0) permettant l'ex\u00e9cution de code \u00e0 distance dans le plugin WordPress ACPT. Les versions jusqu'\u00e0 la 2.0.47 sont concern\u00e9es. Des mesures imm\u00e9diates s'imposent.<\/p>","protected":false},"author":13,"featured_media":8634,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[665,667,664,316,92,492,113,115,199,666],"class_list":["post-8632","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogpost","tag-acpt-wordpress-plugin","tag-code-injection","tag-cve-2026-25470","tag-cvss-10-0","tag-easm","tag-patchstack","tag-rce","tag-schwachstelle","tag-vrm","tag-wordpress-sicherheit"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0) - LocateRisk<\/title>\n<meta name=\"description\" content=\"Analyse der kritischen Remote-Code-Execution-Schwachstelle CVE-2026-25470 (CVSS 10.0) im WordPress-Plugin ACPT. Betroffen sind Versionen bis 2.0.47. Sofortma\u00dfnahmen sind erforderlich.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/fr\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0) - LocateRisk\" \/>\n<meta property=\"og:description\" content=\"Analyse der kritischen Remote-Code-Execution-Schwachstelle CVE-2026-25470 (CVSS 10.0) im WordPress-Plugin ACPT. Betroffen sind Versionen bis 2.0.47. Sofortma\u00dfnahmen sind erforderlich.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/fr\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-17T11:23:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-17T14:43:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristina Hoinkis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristina Hoinkis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/\"},\"author\":{\"name\":\"Kristina Hoinkis\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\"},\"headline\":\"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0)\",\"datePublished\":\"2026-06-17T11:23:32+00:00\",\"dateModified\":\"2026-06-17T14:43:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/\"},\"wordCount\":761,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cve-2026-25470-vulnerability-disclosure-featured.png\",\"keywords\":[\"ACPT WordPress Plugin\",\"Code Injection\",\"CVE-2026-25470\",\"CVSS 10.0\",\"EASM\",\"Patchstack\",\"RCE\",\"Schwachstelle\",\"VRM\",\"WordPress Sicherheit\"],\"articleSection\":[\"Blog post\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/\",\"name\":\"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0) - LocateRisk\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cve-2026-25470-vulnerability-disclosure-featured.png\",\"datePublished\":\"2026-06-17T11:23:32+00:00\",\"dateModified\":\"2026-06-17T14:43:47+00:00\",\"description\":\"Analyse der kritischen Remote-Code-Execution-Schwachstelle CVE-2026-25470 (CVSS 10.0) im WordPress-Plugin ACPT. Betroffen sind Versionen bis 2.0.47. Sofortma\u00dfnahmen sind erforderlich.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cve-2026-25470-vulnerability-disclosure-featured.png\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cve-2026-25470-vulnerability-disclosure-featured.png\",\"width\":400,\"height\":400,\"caption\":\"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\",\"name\":\"Kristina Hoinkis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"caption\":\"Kristina Hoinkis\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0) - LocateRisk","description":"Analyse de la vuln\u00e9rabilit\u00e9 critique CVE-2026-25470 (CVSS 10.0) permettant l'ex\u00e9cution de code \u00e0 distance dans le plugin WordPress ACPT. Les versions jusqu'\u00e0 la 2.0.47 sont concern\u00e9es. Des mesures imm\u00e9diates s'imposent.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/fr\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/","og_locale":"fr_FR","og_type":"article","og_title":"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0) - LocateRisk","og_description":"Analyse der kritischen Remote-Code-Execution-Schwachstelle CVE-2026-25470 (CVSS 10.0) im WordPress-Plugin ACPT. Betroffen sind Versionen bis 2.0.47. Sofortma\u00dfnahmen sind erforderlich.","og_url":"https:\/\/locaterisk.com\/fr\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/","og_site_name":"LocateRisk","article_published_time":"2026-06-17T11:23:32+00:00","article_modified_time":"2026-06-17T14:43:47+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured.png","type":"image\/png"}],"author":"Kristina Hoinkis","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Kristina Hoinkis","Dur\u00e9e de lecture estim\u00e9e":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/"},"author":{"name":"Kristina Hoinkis","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32"},"headline":"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0)","datePublished":"2026-06-17T11:23:32+00:00","dateModified":"2026-06-17T14:43:47+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/"},"wordCount":761,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured.png","keywords":["ACPT WordPress Plugin","Code Injection","CVE-2026-25470","CVSS 10.0","EASM","Patchstack","RCE","Schwachstelle","VRM","WordPress Sicherheit"],"articleSection":["Blog post"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/","url":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/","name":"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0) - LocateRisk","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured.png","datePublished":"2026-06-17T11:23:32+00:00","dateModified":"2026-06-17T14:43:47+00:00","description":"Analyse de la vuln\u00e9rabilit\u00e9 critique CVE-2026-25470 (CVSS 10.0) permettant l'ex\u00e9cution de code \u00e0 distance dans le plugin WordPress ACPT. Les versions jusqu'\u00e0 la 2.0.47 sont concern\u00e9es. Des mesures imm\u00e9diates s'imposent.","breadcrumb":{"@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured.png","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-25470-vulnerability-disclosure-featured.png","width":400,"height":400,"caption":"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0)"},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/de\/cve-2026-25470-kritische-schwachstelle-wordpress-plugin-acpt\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"CVE-2026-25470: Kritische Schwachstelle in WordPress-Plugin ACPT (CVSS 10.0)"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Mesurer et comparer la s\u00e9curit\u00e9 informatique","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32","name":"Kristina Hoinkis","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","caption":"Kristina Hoinkis"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/8632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/comments?post=8632"}],"version-history":[{"count":2,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/8632\/revisions"}],"predecessor-version":[{"id":8635,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/8632\/revisions\/8635"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/media\/8634"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/media?parent=8632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/categories?post=8632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/tags?post=8632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}