CVE-2026-2432

CVE-2026-2432 affects CM Custom Reports – Flexible reporting to track what matters most, a WordPress plugin, with versions up to 1.2.7. The issue is stored cross-site scripting via admin settings/labels, exploitable by authenticated users with administrator-level permissions and above. Affected i...

WordPress CM Custom Reports plugin <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Labels vulnerability discovered by san6051 - PWC in WordPress Plugin CM Custom WordPress Reports and Analytics versions = 1.2.7...