Prismatic Plugin Flaw Exposes WordPress Sites to XSS Attacks

/HIGH
SCW vulnerabilitycvehigh-severitycross-site-scripting-xss-cwe-79
Prismatic Plugin Flaw Exposes WordPress Sites to XSS Attacks

The National Vulnerability Database (NVD) has highlighted a critical stored Cross-Site Scripting (XSS) vulnerability affecting the Prismatic plugin for WordPress. All versions up to and including 3.7.3 are susceptible to this flaw, which stems from inadequate input sanitization and output escaping within the ‘prismatic_decode’ function.

Attackers can exploit this by embedding malicious scripts into comments using a specially crafted ‘prismatic_encoded’ pseudo-shortcode. When an unsuspecting user views a page containing such a comment, the injected script executes, potentially leading to session hijacking, data theft, or further compromise. The NVD has assigned this vulnerability a CVSS score of 7.2, categorizing it as HIGH severity. The vulnerability is identified as CWE-79, a common type of XSS flaw.

What This Means For You

  • If your environment is affected by CWE-79, patch immediately and audit logs for signs of exploitation. Monitor vendor advisories for CVE-2026-3876 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1059.007 Command and Scripting Interpreter: JavaScript Execution

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-3876 - WordPress Prismatic Plugin Stored XSS via Pseudo-Shortcode

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-3876 XSS WordPress Prismatic plugin versions <= 3.7.3
CVE-2026-3876 XSS Vulnerable component: 'prismatic_encoded' pseudo-shortcode
CVE-2026-3876 XSS Vulnerable function: 'prismatic_decode'
CVE-2026-3876 XSS Attack vector: Submitting a comment with crafted 'prismatic_encoded' pseudo-shortcode

By Shimi's Cyber World Editorial

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 16, 2026 at 10:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-41254 — Integer Overflow

CVE-2026-41254 — Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

vulnerabilityCVEmedium-severityinteger-overflowcwe-696
/SCW Vulnerability Desk /MEDIUM /⚑ 2 IOCs /⚙ 1 Sigma

CVE-2026-41253 — Code Execution

CVE-2026-41253 — In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory...

vulnerabilityCVEmedium-severitycode-executioncwe-829
/SCW Vulnerability Desk /MEDIUM /⚑ 2 IOCs /⚙ 2 Sigma

Mirai Botnet Variants Target TBK DVRs via CVE-2024-3721

Mirai botnet variants, including Nexcorium, are actively exploiting a command injection vulnerability (CVE-2024-3721) in TBK DVR devices. This flaw, rated medium severity, allows attackers to...

threat-intelvulnerabilitymalwarecloud
/SCW Vulnerability Desk /HIGH /⚑ 1 IOC /⚙ 3 Sigma