2 matches found
CVE-2026-1263
creationtimestamp| type| source ---|---|--- 2026-04-10 02:19:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj4b2zhaul24 2026-04-19 17:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjuidmaf7l2c...
CVE-2026-1263 Webling <= 3.9.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...