CVE-2026-3618 | bestweblayout Columns by BestWebSoft Plugin up to 1.0.3 on WordPress Shortcode shortcode_atts ID cross site scripting

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability described as problematic has been identified in bestweblayout Columns by BestWebSoft Plugin up to 1.0.3 on WordPress. The affected element is the function shortcode_atts of the component Shortcode Handler. Executing a manipulation of the argument ID can lead to cross site scripting.

This vulnerability is tracked as CVE-2026-3618. The attack can be launched remotely. No exploit exists.

CVE-2026-3618 | bestweblayout Columns by BestWebSoft Plugin up to 1.0.3 on WordPress Shortcode shortcode_atts ID cross site scripting

Post correlati

CVE-2024-9255 | Foxit PDF Reader use after free (ZDI-24-1308)

CVE-2025-59403 | Flock Safety Android Collins App 6.35.31 com.flocksafety.android.collins improper authentication

CVE-2023-21634 | Qualcomm 835 Mobile PC Platform Radio Interface Layer memory corruption

VDB-278391 | Google Cloud Storage XML API Audit Log insufficient logging