2 matches found
CVE-2026-3604
The CVE-2026-3604 entry concerns the WordPress plugin WP SEO Structured Data Schema (versions up to and including 2.8.1). The vulnerability is a Stored Cross‑Site Scripting (XSS) via the _kcseo_ative_tab parameter, caused by insufficient input sanitization and output escaping. Attackers with Cont...
CVE-2026-3604 WP SEO Structured Data Schema <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_kcseo_ative_tab' Parameter
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...