2 matches found
CVE-2026-10077
creationtimestamp| type| source ---|---|--- 2026-07-02 07:53:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnkhkvusl2g 2026-07-02 20:05:19+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpotdw4dge26...
CVE-2026-10077
The affected product is the YOOtheme WordPress theme (prior to 5.0.35). The issue arises in the bundled front-end framework that can treat certain HTML attributes, allowed by wp_kses_post(), as markup, enabling Stored XSS when a user with the Author role views a post. The root cause is improper h...