CVE-2026-4032 — Cross-Site Scripting (XSS)
Image via images.unsplash.com
CVE-2026-4032 — The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-4032 | vulnerability | CVE-2026-4032 |
| CWE-79 | weakness | CWE-79 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 07:17 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-40118 — Information Disclosure
CVE-2026-40118 — UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname...
CVE-2026-22616 — Eaton Intelligent Power Protector (IPP) software allows
CVE-2026-22616 — Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed...
CVE-2026-22615 — Due to improper input validation in one of the Eaton
CVE-2026-22615 — Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin...