CVE-2026-4078

by Fred · 24/04/2026

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the combine_attributes() function. The function directly concatenates shortcode attribute values into JavaScript code within

More information : https://plugins.trac.wordpress.org/browser/iteras/tags/1.8.2/public/iteras-public.php#L489

CVE-2026-4078

Similar

Recent Posts

Categories

CVE-2026-4078

Share this:

Similar

Recent Posts

Categories

Tags