CVE-2026-5324 | themefusecom Brizy Plugin up to 2.8.11 on WordPress FileUpload api.php html_entity_decode cross site scripting

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability described as problematic has been identified in themefusecom Brizy Plugin up to 2.8.11 on WordPress. Affected by this issue is the function html_entity_decode of the file api.php of the component FileUpload Handler. The manipulation results in cross site scripting.

This vulnerability is cataloged as CVE-2026-5324. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.

CVE-2026-5324 | themefusecom Brizy Plugin up to 2.8.11 on WordPress FileUpload api.php html_entity_decode cross site scripting

Post correlati

CVE-2024-4965 | D-Link DAR-7000-40 V31R02B1413C /useratte/resmanage.php load os command injection (SAP10354)

CVE-2024-45447 | Huawei HarmonyOS/EMUI Camera Framework Module information disclosure

CVE-2024-3956 | Pods Plugin up to 3.2.1 on WordPress Pod Form Redirect URL cross site scripting

CVE-2023-45725 | Apache CouchDB up to 3.3.2 Design Document improper authorization