CVE-2026-2434 — Cross-Site Scripting (XSS)

/MEDIUM
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycross-site-scripting-xsscwe-79
CVE-2026-2434 — Cross-Site Scripting (XSS)

Image via images.unsplash.com

CVE-2026-2434 — The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with

What This Means For You

  • If your environment is affected by CWE-79, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-2434 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1059.007 Web Service Execution

🛡️ Detection Rules

5 rules · 6 SIEM formats

5 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

Web Application Exploitation Attempt — CVE-2026-2434

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-2434 vulnerability CVE-2026-2434
CWE-79 weakness CWE-79

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 18, 2026 at 02:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related Posts

Critical NovumOS Flaw: Kernel Takeover via Memory Mapping

CVE-2026-40572 — NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring...

vulnerabilityCVEcriticalhigh-severityprivilege-escalationcwe-269
/SCW Vulnerability Desk /CRITICAL /⚑ 4 IOCs /⚙ 2 Sigma

Movary Flaw Allows Admin Account Creation, High-Severity Risk

CVE-2026-40350 — Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user...

vulnerabilityCVEhigh-severitycwe-863
/SCW Vulnerability Desk /HIGH /⚑ 4 IOCs /⚙ 3 Sigma

Critical Flaw in NovumOS Allows Kernel Privilege Escalation

CVE-2026-40317 — NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an...

vulnerabilityCVEcriticalhigh-severityprivilege-escalationcwe-20cwe-269
/SCW Vulnerability Desk /CRITICAL /⚑ 4 IOCs /⚙ 2 Sigma