PT-2026-54610
Pierre Rudloff
·
Published
2026-07-02
·
Updated
2026-07-02
·
CVE-2026-10077
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wp_kses_post(), as markup, allowing users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any user who views the affected post.