CVE-2026-0743

Name of the Vulnerable Software and Affected Versions WP Content Permission versions prior to 1.3

Description The WP Content Permission plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the ohmem-message parameter. An authenticated attacker with Administrator-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The API endpoint involved is not explicitly mentioned. The vulnerable parameter is ohmem-message.

Recommendations Update WP Content Permission to version 1.3 or later.