PT-2026-40883 · WordPress · Managewp Worker
Do Phuc
·
Published
2026-05-14
·
Updated
2026-05-14
·
CVE-2026-3718
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ManageWP Worker versions prior to 4.9.32
Description
The ManageWP Worker plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin does not properly sanitize input or escape output for values provided in the 'MWP-Key-Name' HTTP request header. Unauthenticated attackers can inject arbitrary web scripts into pages, which then execute when an administrator accesses the plugin's connection management page using debug parameters.
Recommendations
Update the plugin to a version later than 4.9.31.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Managewp Worker