CVE-2026-5226

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

CVE-2026-5226 Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

CVE-2026-5226

The CVE concerns the WordPress plugin Optimole – Optimize Images in Real Time, affected up to version 4.2.3. It describes a Reflected Cross-Site Scripting (XSS) flaw caused by insufficient output escaping of user-supplied URL paths in get_current_url(), which are inserted into JavaScript by repla...

WordPress Find And Replace content for WordPress plugin <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ifoundbug in WordPress Plugin Find And Replace content for WordPress versions = 1.1...

PT-2024-37986 · Flute Cms · Flute Cms

Name of the Vulnerable Software and Affected Versions: Flute CMS version 0.2.2.4-alpha Description: A critical issue affects the replaceContent function of the ContentParser.php file in the Notification Handler component, leading to code injection. The attack can be initiated remotely...