PT-2026-26717 · WordPress · Image Alt Text Manager

Itthidej Aramsri

Publicado

2026-03-20

Atualizado

2026-03-21

CVE-2026-3350

CVSS v3.1

6.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Image Alt Text Manager plugin for WordPress versions prior to 1.8.3

Description The Image Alt Text Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is a result of inadequate input sanitization and output escaping when creating image alt and title attributes using a DOM parser. Authenticated attackers with Author-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

Recommendations Update the Image Alt Text Manager plugin to version 1.8.3 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-3350

Produtos afetados

Image Alt Text Manager

PT-2026-26717 · WordPress · Image Alt Text Manager

CVE-2026-3350

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6