2 matches found
CVE-2026-2292
creationtimestamp| type| source ---|---|--- 2026-03-04 04:03:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg7fn4husc2v...
CVE-2026-2292 Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field
The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...