3 matches found
CVE-2026-3876
The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismaticencoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismaticdecode'...
WordPress Prismatic plugin <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability
Unauthenticated Stored Cross-Site Scripting via 'prismaticencoded' Pseudo-Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Prismatic versions = 3.7.3...
CVE-2026-3876
The CVE-2026-3876 entry describes a Stored XSS in the Prismatic plugin for WordPress, affecting all versions up to 3.7.3. Root cause: insufficient input sanitization and output escaping in the prismatic_decode function for the prismatic_encoded pseudo-shortcode, enabling unauthenticated attackers...