3 matches found
CVE-2026-10092 Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments
The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up to, and including, 1.163 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2026-10092
The Cincopa video and media plugin for WordPress (versions up to 1.163) is vulnerable to unauthenticated Stored Cross-Site Scripting via the cincopa shortcode in post comments. The root cause is insufficient input sanitization and output escaping, enabling unauthenticated visitors who can post co...
PT-2026-51665
Name of the Vulnerable Software and Affected Versions Cincopa video and media plug-in versions prior to 1.164 Description The Cincopa video and media plug-in for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin processes the cincopa shortcode via a comment te...