2 matches found
CVE-2026-10089
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...
The vulnerability of the WordPress website content management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to compromise the integrity of data.
The vulnerability of the WordPress content management system’s functions is related to an error in the execution of XSS attacks during shortcode rendering. Exploiting this vulnerability allows a remote attacker to compromise data integrity...