OffSequence
⚠️ HIGH severity XSS (CVE-2026-2936) in Visitor Traffic Real Time Statistics WP plugin ≤8.4. Unauth attackers can inject persistent scripts via 'page_title', executed by admins. No patch yet — restrict access or disable plugin. https://radar.offseq.com/threat/cve-2026-2936-cwe-79-improper-neutralization-of-in-422ba84b #OffSeq #WordPress #XSS
Apr 5 at 1:30amWeb