CVE-2026-3512

Name of the Vulnerable Software and Affected Versions Writeprint Stylometry plugin for WordPress versions up to and including 0.1

Description The Writeprint Stylometry plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the p GET parameter. This is a result of inadequate input sanitization and output escaping within the bjl wprintstylo comments nav() function. The function directly outputs the p parameter into an HTML href attribute without proper escaping, allowing authenticated attackers with Contributor-level permissions or higher to inject arbitrary web scripts. These scripts can execute if a user clicks on a malicious link. The vulnerable parameter is p.

Recommendations Update the Writeprint Stylometry plugin to a version beyond 0.1.