PT-2026-26836 · WordPress · Itsukaita

San6051

Publicado

2026-03-21

Atualizado

2026-03-21

CVE-2026-2427

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions itsukaita plugin for WordPress versions prior to 0.1.3

Description The itsukaita plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the day from and day to parameters. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if an administrator is tricked into performing an action, such as clicking a malicious link.

Recommendations Update the itsukaita plugin to version 0.1.3 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-2427

Produtos afetados

Itsukaita

PT-2026-26836 · WordPress · Itsukaita

CVE-2026-2427

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5