PT-2026-26871 · WordPress · Alfie – Feed Plugin

Published 2026-03-21 · Updated 2026-03-21 · CVE-2026-4069

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Alfie – Feed Plugin versions up to and including 1.2.1

Description: The Alfie – Feed Plugin plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to missing nonce validation on the alfie option page() function, combined with insufficient input sanitization and output escaping of the naam parameter. Because the missing nonce check lets a forged request reach the function, unauthenticated attackers can inject malicious web scripts into the plugin’s database if they can trick an administrator into performing an action such as clicking a link. These scripts will execute when a user accesses the page displaying the injected data.

Recommendations: Update Alfie – Feed Plugin to a version later than 1.2.1.
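
The controls the description names as missing (nonce validation on the settings handler, input sanitization and output escaping of `naam`), shown in a hardened WordPress options page. This is an added example, not the Alfie plugin's code or its fix; the `example_feed_*` names, the menu slug and the use of a WordPress option for storage are assumptions.

```php
<?php
// Added illustration, not the Alfie plugin's code.
// All example_feed_* names and the storage location are hypothetical.

add_action( 'admin_menu', function () {
    add_options_page(
        'Example Feed', 'Example Feed',
        'manage_options',            // capability required to see the page
        'example-feed',
        'example_feed_option_page'
    );
} );

function example_feed_option_page() {
    // Defence 1: authorisation. Reject callers without the admin capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example-feed' ) );
    }

    if ( isset( $_POST['naam'] ) ) {
        // Defence 2: nonce validation. Dies unless the request carries the
        // nonce this form issued, so a cross-site forged POST is rejected
        // even when it rides on an administrator's session.
        check_admin_referer( 'example_feed_save', 'example_feed_nonce' );

        // Defence 3: sanitize on input. Strips tags and control characters
        // before the value is written to the database.
        $naam = sanitize_text_field( wp_unslash( $_POST['naam'] ) );
        update_option( 'example_feed_naam', $naam );
    }

    $naam = get_option( 'example_feed_naam', '' );
    ?>
    <div class="wrap">
        <form method="post">
            <?php // Issues the nonce that check_admin_referer() verifies above. ?>
            <?php wp_nonce_field( 'example_feed_save', 'example_feed_nonce' ); ?>
            <?php // Defence 4: escape on output, even though the value was sanitized. ?>
            <input type="text" name="naam" value="<?php echo esc_attr( $naam ); ?>">
            <?php submit_button(); ?>
        </form>
    </div>
    <?php
}
```

When auditing other plugins for the same pattern, look for settings callbacks that write `$_POST` or `$_GET` values without a `check_admin_referer()` or `wp_verify_nonce()` call, and for stored values echoed without an `esc_*()` function.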

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2026-4069

Affected Products: Alfie – Feed Plugin