
12 matches found

EUVD
added 2026/04/16 9:31 a.m., 1 view

EUVD-2026-23212

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismatic_decode'...

CVSS 7.2, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/16 6:44 a.m., 1 view

CVE-2026-3876

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismatic_decode'...

CVSS 7.2, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 3

CVE
added 2026/04/16 6:44 a.m., 5 views

CVE-2026-3876

The CVE-2026-3876 entry describes a Stored XSS in the Prismatic plugin for WordPress, affecting all versions up to 3.7.3. Root cause: insufficient input sanitization and output escaping in the prismatic_decode function for the prismatic_encoded pseudo-shortcode, enabling unauthenticated attackers...

CVSS 7.2, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 2

Cvelist
added 2026/04/16 6:44 a.m., 22 views

CVE-2026-3876 Prismatic <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismatic_decode'...

CVSS 7.2, EPSS 0.00033
Exploits: 0, References: 2

CNNVD
added 2026/04/16 12:0 a.m., 4 views

WordPress plugin Prismatic security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.2, AI score 5.7, EPSS 0.00033
Exploits: 0, References: 1

OSV
added 2021/07/12 8:15 p.m., 0 views

CVE-2021-24409

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

CVSS 6.1, AI score 5.8, EPSS 0.20316
Exploits: 2, References: 1

OSV
added 2021/07/12 8:15 p.m., 0 views

CVE-2021-24408

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in th...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 1

CNNVD
added 2021/07/12 12:0 a.m., 2 views

WordPress cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Prism is an application by the individual developers of Prism in the United States. Is a lightweight, scalable syntax...

CVSS 5.4, AI score 5.7, EPSS 0.00162
Exploits: 2, References: 2

WPVulnDB
added 2021/06/21 12:0 a.m., 18 views

Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator PoC...

CVSS 6.1, AI score 0.5, EPSS 0.20316
Exploits: 2, Affected Software: 1

wpexploit
added 2021/06/21 12:0 a.m., 527 views

Prismatic < 2.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...

CVSS 5.4, AI score 0.3, EPSS 0.00162
Exploits: 2

WPVulnDB
added 2021/06/21 12:0 a.m., 19 views

Prismatic < 2.8 - Contributor+ Stored XSS

The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...

CVSS 5.4, AI score 1.8, EPSS 0.00162
Exploits: 2, Affected Software: 1

Patchstack
added 2021/06/21 12:0 a.m., 10 views

WordPress Prismatic plugin <= 2.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Prismatic plugin versions <= 2.7. Solution: Update the WordPress Prismatic plugin to the latest available version (at least 2.8)...

CVSS 5.4, AI score 1.9, EPSS 0.00162
Exploits: 2, References: 3, Affected Software: 1