PT-2026-36961 · WordPress · Blog Settings
Published
2026-05-05
·
Updated
2026-05-21
·
CVE-2026-6704
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Blog Settings plugin for WordPress versions prior to 1.1
Description
Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the
page parameter, enabling scripts to execute if a user is tricked into clicking a malicious link. Reflected Cross-Site Scripting is a technique where a script is reflected off a web application to the victim's browser.Recommendations
Update the plugin to a version later than 1.0.
As a temporary workaround, restrict or sanitize the use of the
page parameter.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Blog Settings