CVE-2026-46360 | thorsten phpMyFAQ up to 4.1.1 SVG File decodeAllEntities cross site scripting (GHSA-whqh-9pq5-c7r3)

Inserito da Angelo Barbosa | Mag 16, 2026 | CVE

A vulnerability described as problematic has been identified in thorsten phpMyFAQ up to 4.1.1. The impacted element is the function SvgSanitizer::decodeAllEntities of the component SVG File Handler. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-46360. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-46360 | thorsten phpMyFAQ up to 4.1.1 SVG File decodeAllEntities cross site scripting (GHSA-whqh-9pq5-c7r3)

Post correlati

CVE-2025-53286 | Jhainey Milevis Dropify Plugin up to 4.6.9 on WordPress cross site scripting

CVE-2026-2233 | wedevs User Frontend Plugin up to 4.2.8 on WordPress draft_post post_id authorization

CVE-2024-7727 | HTML5 Video Player Plugin up to 2.5.32 on WordPress h5vp_ajax_handler authorization

CVE-2026-2722 | Stock Ticker Plugin up to 3.26.1 on WordPress Template cross site scripting