CVE-2026-4852 — Cross-Site Scripting (XSS)

CVE-2026-4852 — The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes
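
As an added illustration of the weakness class the advisory describes (this is not code from Image Source Control Lite, whose implementation the page does not show), the PHP below sketches an attachment "source" field handled the vulnerable way, then hardened with the two controls the advisory names missing: input sanitization and context-aware output escaping. The meta keys, field names, nonce action and function names are hypothetical; the WordPress API calls are real.

```php
<?php
// Added example, not the plugin's code. Hypothetical names throughout:
// meta keys '_isc_demo_source' / '_isc_demo_source_url', form fields
// 'isc_demo_source' / 'isc_demo_source_url', nonce action 'isc_demo_save_<id>'.

// --- Vulnerable pattern ------------------------------------------------------
// Store whatever was posted, unchanged, and echo it back raw.
function demo_save_source_vulnerable( $attachment_id, array $posted ) {
    // No capability check, no nonce, no sanitization.
    update_post_meta( $attachment_id, '_isc_demo_source', $posted['isc_demo_source'] );
}

function demo_render_caption_vulnerable( $attachment_id ) {
    $source = get_post_meta( $attachment_id, '_isc_demo_source', true );
    // Raw concatenation into HTML: a stored value such as
    //   <img src=x onerror=alert(document.cookie)>
    // runs in every visitor's browser each time the caption is rendered.
    return '<span class="isc-source">Source: ' . $source . '</span>';
}

// --- Hardened pattern --------------------------------------------------------
function demo_save_source_hardened( $attachment_id, array $posted ) {
    // Only a user allowed to edit this attachment, and only through a form
    // carrying a valid nonce, may change the field (blocks CSRF-driven writes).
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        return false;
    }
    if ( empty( $posted['_isc_demo_nonce'] )
        || ! wp_verify_nonce( $posted['_isc_demo_nonce'], 'isc_demo_save_' . $attachment_id ) ) {
        return false;
    }

    // Input sanitization: keep plain text only (tags, line breaks and
    // control characters are stripped); URLs are normalised for storage.
    $source = isset( $posted['isc_demo_source'] )
        ? sanitize_text_field( wp_unslash( $posted['isc_demo_source'] ) )
        : '';
    $url = isset( $posted['isc_demo_source_url'] )
        ? esc_url_raw( wp_unslash( $posted['isc_demo_source_url'] ) )
        : '';

    update_post_meta( $attachment_id, '_isc_demo_source', $source );
    update_post_meta( $attachment_id, '_isc_demo_source_url', $url );
    return true;
}

function demo_render_caption_hardened( $attachment_id ) {
    $source = get_post_meta( $attachment_id, '_isc_demo_source', true );
    $url    = get_post_meta( $attachment_id, '_isc_demo_source_url', true );

    // Output escaping chosen per context: esc_html() for a text node,
    // esc_url() for an href. This holds even when an unsanitized value
    // written before the fix is still sitting in the database.
    $text = esc_html( $source );
    if ( '' !== $url ) {
        return '<span class="isc-source">Source: <a href="' . esc_url( $url ) . '">'
            . $text . '</a></span>';
    }
    return '<span class="isc-source">Source: ' . $text . '</span>';
}
```

The point to take from the two halves: sanitizing on save limits what gets stored, but escaping at output is the control that actually prevents execution, because values stored before a fix (or written through another code path) are still rendered by the same template. Escape at the point of output with the function that matches the HTML context, rather than relying on the stored value being clean.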

What This Means For You

  • If you run the Image Source Control Lite – Show Image Credits and Captions plugin at version 3.9.1 or earlier, treat the site as affected. The injection point is the attachment 'Image Source' field, so until a fixed release is installed, limit which accounts can edit attachment metadata and review existing attachment meta for injected markup. Monitor vendor advisories for CVE-2026-4852 updates and patches.

Detection Rules

Three auto-generated detection rules are listed for this CVE, mapped to MITRE ATT&CK. The one previewed on the page:

  • medium · T1190 Initial Access · WordPress Image Source Control Lite Stored XSS via Attachment Field — CVE-2026-4852

Indicators of Compromise

ID             Type           Indicator
CVE-2026-4852  vulnerability  CVE-2026-4852
CWE-79         weakness       CWE-79

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 21, 2026 at 00:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.