PT-2026-36961 · WordPress · Blog Settings

Published

2026-05-05

·

Updated

2026-05-21

·

CVE-2026-6704

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Blog Settings plugin for WordPress versions prior to 1.1
Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the page parameter, enabling scripts to execute if a user is tricked into clicking a malicious link. Reflected Cross-Site Scripting is a technique where a script is reflected off a web application to the victim's browser.
Recommendations Update the plugin to a version later than 1.0. As a temporary workaround, restrict or sanitize the use of the page parameter.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6704

Affected Products

Blog Settings