CVE-2026-22519

Name of the Vulnerable Software and Affected Versions BuddyDev MediaPress versions through 1.6.2

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages viewed by other users. The vulnerability affects the MediaPress plugin. No information was provided regarding the number of potentially affected devices or any real-world incidents where this issue was exploited. The vulnerability allows for Stored XSS, meaning that malicious scripts are permanently stored on the target server.

Recommendations Update BuddyDev MediaPress to a version newer than 1.6.2.