CVE-2026-1279 | Employee Directory Plugin up to 1.2.1 on WordPress Shortcode form_title cross site scripting

Inserito da Angelo Barbosa | Feb 6, 2026 | CVE

A vulnerability was found in Employee Directory Plugin up to 1.2.1 on WordPress and classified as problematic. This impacts an unknown function of the component Shortcode Handler. The manipulation of the argument form_title results in cross site scripting.

This vulnerability was named CVE-2026-1279. The attack may be performed from remote. There is no available exploit.

CVE-2026-1279 | Employee Directory Plugin up to 1.2.1 on WordPress Shortcode form_title cross site scripting

Post correlati

CVE-2024-9925 | TAI Smart Factory QPLANT SF 1.0 RequestPasswordChange email sql injection

CVE-2025-14004 | dayrui XunRuiCMS up to 4.7.1 Email Setting admind45f74adbd95.php?c=email&m=add server-side request forgery

CVE-2023-40716 | Fortinet FortiTester up to 7.2.3 Restore/Backup os command injection (FG-IR-22-345)

CVE-2023-48800 | Totolink X6000R 9.4.0cu.852_B20230719 snprintf Privilege Escalation