CVE-2026-5247 - Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'wrapper' Shortcode Attribute
CVE ID :CVE-2026-5247 Published : May 5, 2026, 3:15 a.m. | 55 minutes ago Description :The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the [futureaction] shortcode in all versions up to, and inc
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates
- [CYBER] CSA tasks critical information infrastructure leaders to review cyber risks due to AI-enabled threats
- [CYBER] CVE-2026-7810 - UsamaK98 python-notebook-mcp server.py add_cell path traversal
- [CYBER] CVE-2026-5159 - Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter
- [CYBER] CVE-2026-4665 - WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute
- [CYBER] CVE-2026-4803 - Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta