CVE-2026-2505: XSS in the Categories Images plugin
CVE-2026-2505 affects Categories Images up to version 3.3.1. Stored XSS via the z_taxonomy_image shortcode. How to verify, update and detect exploit...
https://seguridadenwordpress.com/cve-2026-2505-wordpress-xss-categories-images/
#cve20262505 #xss #categoriesimages #shortcodewordpress #wordfence

CVE-2026-2505: XSS in the Categories Images plugin - Seguridad en Wordpress
CVE-2026-2505 is a Stored XSS vulnerability in the Categories Images plugin for WordPress (up to v3.3.1) that allows scripts to be injected via the z_taxonomy_image shortcode.
Seguridad en Wordpress

CVE-2026-2986: XSS in Contextual Related Posts
CVE-2026-2986 affects Contextual Related Posts (≤4.2.1) with stored XSS. Check your version, update and audit your site with these concrete steps.
https://seguridadenwordpress.com/cve-2026-2986-wordpress-contextual-related-posts-xss/
#cve20262986 #xss #contextualrelatedposts #wordfence #wordpressplugins

CVE-2026-2986: XSS in Contextual Related Posts - Seguridad en Wordpress
CVE-2026-2986 is a stored XSS vulnerability in Contextual Related Posts (≤4.2.1) that allows malicious code to be injected from the contributor role.
Seguridad en Wordpress

MEDIUM severity alert: CVE-2026-0868 (CVSS 6.4) in EMC – Easily Embed Calendly Scheduling WP plugin (≤4.4) allows contributor-level XSS attacks. No patch yet — restrict access, monitor updates.
https://radar.offseq.com/threat/cve-2026-0868-cwe-79-improper-neutralization-of-in-3458e49a #OffSeq #WordPress #Infosec #XSS

🛡️ CVE-2026-2505: MEDIUM severity stored XSS in Categories Images plugin (≤3.3.1) lets Contributor+ users inject scripts via the 'class' attribute. Restrict access & watch for a patch.
https://radar.offseq.com/threat/cve-2026-2505-cwe-79-improper-neutralization-of-in-ce86bd04 #OffSeq #WordPress #XSS #Vuln

🛡️ CVE-2026-2986: MEDIUM severity Stored XSS in Contextual Related Posts plugin (≤4.2.1) for WordPress. Contributor+ users can inject scripts — risk to all page viewers. Restrict access & monitor for patches.
https://radar.offseq.com/threat/cve-2026-2986-cwe-79-improper-neutralization-of-in-55e6dfdd #OffSeq #WordPress #XSS #Infosec

⚠️ CVE-2026-27245: CRITICAL XSS in Adobe Connect (v2025.3, 12.10 & earlier). Allows malicious JS via crafted URLs — risk of session hijack. No patch yet. Monitor Adobe advisories, apply input filtering if possible.
https://radar.offseq.com/threat/cve-2026-27245-cross-site-scripting-reflected-xss--e445a643 #OffSeq #AdobeConnect #XSS

🔴 CRITICAL DOM-based XSS (CVE-2026-27246) in Adobe Connect v2025.3, 12.10 & earlier. Exploitation risks data theft via malicious JS; no patch yet. Advise caution with unknown links & monitor Adobe for updates.
https://radar.offseq.com/threat/cve-2026-27246-cross-site-scripting-dom-based-xss--d488fcd6 #OffSeq #AdobeConnect #XSS #Infosec

Some really nice things arrived in #browser land in February 2026 (i.e. "Baseline Newly available"):
Trusted Types API (prevent DOM-based cross-site scripting):
https://web.dev/articles/trusted-types
`Map.prototype.getOrInsert()`:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map/getOrInsert
Zstandard compression (only server-side via `Content-Encoding` for now it seems, so no support in #JavaScript `CompressionStream` / `DecompressionStream` yet):
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Encoding
#webdev #xss
Prevent DOM-based cross-site scripting vulnerabilities with Trusted Types | Articles | web.dev
Introducing Trusted Types: a browser API to prevent DOM-based cross-site scripting in modern web applications.
web.dev

🚨 HIGH severity XSS (CVE-2026-1116) in parisneo/lollms pre-2.2.0: Improper input sanitization in from_dict allows attackers to inject malicious scripts. Update ASAP!
https://radar.offseq.com/threat/cve-2026-1116-cwe-79-improper-neutralization-of-in-c711f067 #OffSeq #XSS #Vuln #InfoSec

🔎 CVE-2026-6106: 1Panel-dev MaxKB v2.2.0/2.2.1 impacted by MEDIUM XSS via Public Chat Interface (Name arg). Patch to v2.8.0 to mitigate. No in-the-wild exploits yet. Full details:
https://radar.offseq.com/threat/cve-2026-6106-cross-site-scripting-in-1panel-dev-m-cd592a06 #OffSeq #XSS #Vuln