CVE-2026-56046 WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in ListingPro = 2.9.11 versions...

My Calendar < 3.4.24 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin PoC 1. Use any type of role as long as you permit it the action to Add Events. 2. Add...