WordPress Postalicious plugin <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Postalicious versions = 3.0.1...

CVE-2026-1266

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2026-1266

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2026-1266 Postalicious <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2026-1266

CVE-2026-1266 pertains to the WordPress plugin Postalicious, where versions up to and including 3.0.1 are vulnerable to an authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings. The flaw arises from insufficient input sanitization and output escaping, enabling an admin wi...

CVE-2026-1266

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2026-1266 Postalicious <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...