CVE-2026-4086 | newbiesup WP Random Button Plugin up to 1.0 on WordPress Shortcode random_button_html nocat cross site scripting

Inserito da Angelo Barbosa | Mar 21, 2026 | CVE

A vulnerability was found in newbiesup WP Random Button Plugin up to 1.0 on WordPress. It has been declared as problematic. This affects the function random_button_html of the component Shortcode Handler. Executing a manipulation of the argument nocat can lead to cross site scripting.

This vulnerability appears as CVE-2026-4086. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-4086 | newbiesup WP Random Button Plugin up to 1.0 on WordPress Shortcode random_button_html nocat cross site scripting

Post correlati

CVE-2024-22349 | IBM UrbanCode Velocity/DevOps Velocity web browser cache containing sensitive information

CVE-2025-55810 | Alaga Home Security WiFi Camera 3K S-CW2503C-H 1.4.2 Local Privilege Escalation

CVE-2025-13279 | code-projects Nero Social Networking Site 1.0 /profilefriends.php ID sql injection

CVE-2025-40722 | Flatboard Pro up to 3.2.1 /config.php/tags replace cross site scripting