CVE-2026-6725 | wpclever WPC Smart Messages for WooCommerce Plugin up to 4.2.8 on WordPress wpcsm_text_rotator text cross site scripting

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability identified as problematic has been detected in wpclever WPC Smart Messages for WooCommerce Plugin up to 4.2.8 on WordPress. Affected by this issue is the function wpcsm_text_rotator. The manipulation of the argument text leads to cross site scripting.

This vulnerability is documented as CVE-2026-6725. The attack can be initiated remotely. There is not any exploit available.

CVE-2026-6725 | wpclever WPC Smart Messages for WooCommerce Plugin up to 4.2.8 on WordPress wpcsm_text_rotator text cross site scripting

Post correlati

CVE-2026-22904 | WAGO 0852-1322/0852-1328 up to 2.64 Cookie stack-based overflow (VDE-2026-004)

CVE-2023-51071 | QStar Archive Solutions 3-0 Build 7 Patch 0 SMB access control

CVE-2025-4962 | lunary-ai lunary up to 1.9.22 API /v1/templates projectId access control

CVE-2026-25471 | Themepaste Admin Safety Guard Plugin up to 1.2.6 on WordPress authentication bypass