Medium CVE-2026-8895 The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on the shortcode's 'href' and 'type'...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[Medium] CVE-2026-8895 – The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripti...

VERWANDTEARTIKEL

CVE-2026-49741 - TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

Google fixes the fifth actively exploited Chrome zero-day of 2026

CVE-2026-46746 - Siemens SINEC INS Command Injection

CVE-2026-46748 - SINEC INS Local Privilege Escalation via CAP_DAC_OVERRIDE

CVE-2026-41031 - A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

CVE-2026-10731 - SQL injection in Nemon products