CVE-2026-2722

creationtimestamp| type| source ---|---|--- 2026-03-07 03:52:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mggwgp667324...

CVE-2026-2722 Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...