CVE-2026-4078 | ITERAS Plugin up to 1.8.2 on WordPress Shortcode combine_attributes cross site scripting

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability has been found in ITERAS Plugin up to 1.8.2 on WordPress and classified as problematic. Affected by this issue is the function combine_attributes of the component Shortcode Handler. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-4078. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-4078 | ITERAS Plugin up to 1.8.2 on WordPress Shortcode combine_attributes cross site scripting

Post correlati

CVE-2025-11924 | Ninja Forms Plugin up to 3.13.1/3.13.2 on WordPress REST Endpoint resource injection

CVE-2026-27314 | Apache Cassandra up to 5.0.6 ADD IDENTITY authorization

CVE-2024-46076 | RuoYi up to 4.7.9 Code Generation injection

CVE-2024-41809 | OpenObserve up to 0.10.0 MemberSubscription.vue cross site scripting (GHSA-rw8w-37p9-mrrp)