PT-2026-40883 · WordPress · Managewp Worker

Do Phuc

·

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2026-3718

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions ManageWP Worker versions prior to 4.9.32
Description The ManageWP Worker plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin does not properly sanitize input or escape output for values provided in the 'MWP-Key-Name' HTTP request header. Unauthenticated attackers can inject arbitrary web scripts into pages, which then execute when an administrator accesses the plugin's connection management page using debug parameters.
Recommendations Update the plugin to a version later than 4.9.31.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-3718

Affected Products

Managewp Worker