10 matches found
CVE-2026-3718
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
WordPress ManageWP Worker plugin <= 4.9.31 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by timomangcut in WordPress Plugin ManageWP Worker versions = 4.9.31...
CVE-2026-3718
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
CVE-2026-3718 ManageWP Worker <= 4.9.31 - Unauthenticated Stored Cross-Site Scripting via 'MWP-Key-Name' Header
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
EUVD-2026-30246
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
CVE-2026-3718
The ManageWP Worker plugin for WordPress is affected by CVE-2026-3718: Stored Cross-Site Scripting via the MWP-Key-Name HTTP header in all versions up to 4.9.31. Root cause: insufficient input sanitization and output escaping of attacker-controlled header values. Impact: unauthenticated attackers...
CVE-2026-3718
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
PT-2026-40883
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
WordPress plugin ManageWP Worker 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Steven Julian in WordPress Plugin ManageWP Worker versions = 4.9.31...