CVE-2026-3395 | MaxSite CMS up to 109.1 MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection

A vulnerability, which was classified as critical, was found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection.

This vulnerability is registered as CVE-2026-3395. It is possible to launch the attack remotely. Furthermore, an exploit is available.

You should upgrade the affected component.

The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.

CVE-2026-3395 | MaxSite CMS up to 109.1 MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection

Post correlati

CVE-2024-8003 | Go-Tribe gotribe-admin 1.0 Log routes.go InitRoutes deserialization

CVE-2026-25128 | NaturalIntelligence fast-xml-parser up to 5.3.3 denial of service

CVE-2025-62908 | gerritvanaaken Podlove Web Player Plugin up to 5.9.1 on WordPress authorization

CVE-2024-38776 | Martin Gibson WP GoToWebinar Plugin up to 15.7 on WordPress cross-site request forgery