6 matches found
CVE-2026-1071
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
EUVD-2026-10123
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
CVE-2026-1071
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
CVE-2026-1071
CVE-2026-1071 concerns the Carta Online WordPress plugin. The Wordfence article and CVE entry agree on a vulnerability class of Stored Cross-Site Scripting via plugin settings in versions up to 2.13.0, caused by insufficient input sanitization and output escaping. The impact is that an attacker w...
CVE-2026-1071
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
WordPress Carta Online plugin <= 2.13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Carta Online versions = 2.13.0...