CVE-2026-2955 | wupsales AI Chatbot & Workflow Automation by AIWU Plugin up to 1.4.14 on WordPress Header X-Forwarded-For cross site scripting

Inserito da Angelo Barbosa | Mag 20, 2026 | CVE

A vulnerability classified as problematic was found in wupsales AI Chatbot & Workflow Automation by AIWU Plugin up to 1.4.14 on WordPress. Affected by this vulnerability is an unknown functionality of the component Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting.

This vulnerability is documented as CVE-2026-2955. The attack can be executed remotely. There is not any exploit available.

CVE-2026-2955 | wupsales AI Chatbot & Workflow Automation by AIWU Plugin up to 1.4.14 on WordPress Header X-Forwarded-For cross site scripting

Post correlati

CVE-2026-42515 | CDAC-Noida e-Sushrut Hospital Management Information System API Request authorization (CIVN-2026-0207)

CVE-2025-41009 | Disenno de Recursos Educativos Virtual Campus Platform POST Request /catalogo_c/catalogo.php buscame sql injection

CVE-2026-5379 | runZero Platform up to 2.x/3.0 Organization authorization

CVE-2024-3697 | Campcodes House Rental Management System 1.0 manage_tenant.php id sql injection