2 matches found
EUVD-2026-41249
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...
CVE-2026-10089 Insert Pages <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Keys (Meta Key Names)
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...