CVE-2026-3995 — Cross-Site Scripting (XSS)
Image via images.unsplash.com
CVE-2026-3995 — The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() which strips HTML t
What This Means For You
- If your environment is affected by CWE-79, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-3995 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-3995 | vulnerability | CVE-2026-3995 |
| CWE-79 | weakness | CWE-79 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 10:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-41254 — Integer Overflow
CVE-2026-41254 — Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
CVE-2026-41253 — Code Execution
CVE-2026-41253 — In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory...
Mirai Botnet Variants Target TBK DVRs via CVE-2024-3721
Mirai botnet variants, including Nexcorium, are actively exploiting a command injection vulnerability (CVE-2024-3721) in TBK DVR devices. This flaw, rated medium severity, allows attackers to...