CVE-2026-5070 — Cross-Site Scripting (XSS)
Image via images.unsplash.com
CVE-2026-5070 — The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-leve
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-5070 | vulnerability | CVE-2026-5070 |
| CWE-79 | weakness | CWE-79 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 07:17 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-40118 — Information Disclosure
CVE-2026-40118 — UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname...
CVE-2026-22616 — Eaton Intelligent Power Protector (IPP) software allows
CVE-2026-22616 — Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed...
CVE-2026-22615 — Due to improper input validation in one of the Eaton
CVE-2026-22615 — Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin...