CVE-2026-5077 - Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute
CVE ID :CVE-2026-5077 Published : May 2, 2026, 9:26 a.m. | 41 minutes ago Description :The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title() inside HTML a
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Undead co-op shooters, gorgeous hack-and-slash action and other new indie games worth checking out
- [CYBER] New Bluekit Phishing Kit Features AI Assistant
- [CYBER] Op Ed: When it comes to cybersecurity, AI is our best hope in a profession that generally lacks hope
- [CYBER] CVE-2026-7611 - TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity
- [CYBER] İranlı Gruptan Ubuntu’ya Saldırı
- [CYBER] CVE-2026-7608 - TRENDnet TEW-821DAP tools_diagnostic os command injection