PT-2026-54610 · Undefined · Undefined

Pierre Rudloff

·

Publicado

2026-07-02

·

Atualizado

2026-07-02

·

CVE-2026-10077

CVSS v3.1

6.8

Média

VetorAV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wp kses post(), as markup, allowing users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any user who views the affected post.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

CVE-2026-10077

Produtos afetados

Undefined