CVE-2026-3512 in Writeprint Stylometry Plugin
Summary
by MITRE • 03/18/2026
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjl_wprintstylo_comments_nav() function. The function directly outputs the $_GET['p'] parameter into an HTML href attribute without any escaping. This makes it possible for authenticated attackers with Contributor-level permissions or higher to inject arbitrary web scripts in pages that execute if they can successfully trick another user into performing an action such as clicking on a link.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/22/2026
The Writeprint Stylometry plugin for WordPress presents a significant security vulnerability classified as CVE-2026-3512, which manifests as a reflected cross-site scripting flaw in versions up to and including 0.1. This vulnerability exists within the bjl_wprintstylo_comments_nav() function where the plugin fails to properly sanitize user input before incorporating it into HTML output. The specific weakness occurs when the plugin processes the 'p' GET parameter from HTTP requests without implementing adequate output escaping mechanisms. The vulnerability is particularly concerning because it allows authenticated attackers who possess Contributor-level permissions or higher to execute malicious scripts within the context of other users' browsers. This privilege level access requirement does not diminish the severity of the flaw, as contributors can already modify content and potentially access sensitive user data through other means.
The technical implementation of this vulnerability stems from improper input validation and output sanitization practices within the WordPress plugin architecture. The bjl_wprintstylo_comments_nav() function directly incorporates the $_GET['p'] parameter into an HTML href attribute without applying any HTML escaping or encoding procedures. This creates a classic reflected XSS vector where malicious payloads can be injected through URL parameters and executed when users navigate to affected pages. The vulnerability operates under CWE-79 which specifically addresses Cross-Site Scripting flaws, and aligns with ATT&CK technique T1566.001 for Phishing with Social Engineering. The reflected nature of this XSS means that the malicious script is not stored on the server but rather injected through the GET parameter and executed immediately when the affected page is loaded. This makes the vulnerability particularly dangerous for automated exploitation and social engineering campaigns.
The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to perform a wide range of malicious activities including session hijacking, credential theft, and data exfiltration. An attacker with Contributor privileges can craft malicious links that, when clicked by other users, would execute scripts in their browser context. This could lead to unauthorized access to user accounts, modification of content, or redirection to malicious sites. The vulnerability affects all users who have access to the plugin's navigation functionality, potentially compromising the entire WordPress site if users with higher privileges are tricked into clicking malicious links. The reflected nature means that attackers do not need to maintain persistent access to the server, as the malicious code is delivered through the URL parameter itself. This makes the attack vector particularly stealthy and difficult to detect through traditional security monitoring approaches.
Mitigation strategies for this vulnerability should focus on immediate code-level fixes and broader security practices. The primary remediation involves implementing proper input sanitization and output escaping within the bjl_wprintstylo_comments_nav() function, specifically applying WordPress's esc_url() or similar escaping functions to the $_GET['p'] parameter before incorporating it into HTML attributes. Additionally, developers should implement Content Security Policy headers to limit script execution and prevent unauthorized code injection. Regular security audits and input validation should be enforced across all plugin components, with particular attention to user-supplied parameters in navigation and URL handling functions. The vulnerability also highlights the importance of privilege separation and least-privilege principles, as even Contributor-level access can enable significant damage through social engineering attacks. Organizations should implement user education programs to recognize phishing attempts and suspicious links, while maintaining up-to-date security monitoring to detect potential exploitation attempts. The fix should also include proper error handling and logging mechanisms to track any attempts to exploit this vulnerability, ensuring that security teams can respond quickly to potential attacks.