PT-2026-42062

Name of the Vulnerable Software and Affected Versions Sticky versions prior to 2.5.7 Description The Sticky plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the cvmh sticky front render function fails to properly sanitize input and escape output for the...

WordPress ACF Extended Unauthenticated RCE via prepare_form()

This module exploits an unauthenticated Remote Code Execution vulnerability in the Advanced Custom Fields: Extended ACF Extended WordPress plugin versions 0.9.0.5 through 0.9.1.1. The vulnerability exists in the prepareform function of the acfemoduleformfrontrender class, which accepts...