CVE-2026-1391

Name of the Vulnerable Software and Affected Versions Vzaar Media Management plugin for WordPress versions up to and including 1.2

Description The Vzaar Media Management plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. The vulnerability affects the $ SERVER['PHP SELF'] variable. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link.

Recommendations Update the Vzaar Media Management plugin to a version newer than 1.2.