CVE-2026-5505 - WP-Clippy <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVE ID :CVE-2026-5505 Published : May 5, 2026, 3:16 a.m. | 55 minutes ago Description :The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates
- [CYBER] CSA tasks critical information infrastructure leaders to review cyber risks due to AI-enabled threats
- [CYBER] CVE-2026-7810 - UsamaK98 python-notebook-mcp server.py add_cell path traversal
- [CYBER] CVE-2026-5159 - Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter
- [CYBER] CVE-2026-4665 - WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute
- [CYBER] CVE-2026-4803 - Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta