3 matches found
CVE-2026-57387 WordPress picu plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in picu picu picu allows Stored XSS.This issue affects picu: from n/a through = 3.5.1...
CVE-2026-57387
CVE-2026-57387 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin picu (versions up to and including 3.5.1). The issue arises from improper neutralization of input during web page generation, enabling an attacker to inject malicious scripts that are stored and later rend...
WordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by thiennv in WordPress Plugin picu versions = 2.4.0...