PT-2026-21236 · WordPress · Whizz Plugin
João Pedro S Alcântara
+1
·
Published
2026-02-20
·
Updated
2026-02-21
·
CVE-2026-24955
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
fox-themes Whizz Plugins versions through 1.9
Description
The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting (XSS) issue. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists in the way the application processes input, potentially enabling unauthorized code execution within the context of a user's browser.
Recommendations
Update fox-themes Whizz Plugins to a version later than 1.9.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Whizz Plugin