Logo
Retour à la veille

CVE-2026-12560

Publié : 30 juin 2026
Modifié : 30 juin 2026
Lien officiel NVD
Score CVSS
4.4
MEDIUM

Description détaillée

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The WordPress unfiltered_html capability exemption does not apply here because the payload is stored in post meta (_wpas_er_options via update_post_meta) rather than in post_content or post_excerpt, meaning the restriction affects all administrators regardless of their unfiltered_html status.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Références et Patchs

https://plugins.trac.wordpress.org/browser/editorial-rating/tags/4.0.3/admin/wpas-framework/options/metabox-options.php#L446https://plugins.trac.wordpress.org/browser/editorial-rating/tags/4.0.3/public/class-average-score-public_display.php#L90https://plugins.trac.wordpress.org/browser/editorial-rating/tags/4.0.3/public/template-parts/wpas-theme-1.php#L57https://plugins.trac.wordpress.org/browser/editorial-rating/tags/4.0.3/public/template-parts/wpas-theme-1.php#L87https://plugins.trac.wordpress.org/browser/editorial-rating/tags/4.0.5/admin/wpas-framework/options/metabox-options.php#L446https://plugins.trac.wordpress.org/browser/editorial-rating/tags/4.0.5/public/class-average-score-public_display.php#L90https://plugins.trac.wordpress.org/browser/editorial-rating/tags/4.0.5/public/template-parts/wpas-theme-1.php#L57https://plugins.trac.wordpress.org/browser/editorial-rating/tags/4.0.5/public/template-parts/wpas-theme-1.php#L87https://www.wordfence.com/threat-intel/vulnerabilities/id/26c63d73-6ce2-4b3a-b0d9-29f7d9b368d5?source=cve

Dernières Vulnérabilités

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.

VOIR DÉTAILS

CVE-2026-56809

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.

VOIR DÉTAILS

CVE-2026-56808

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.

VOIR DÉTAILS