CVE-2026-2602 in Twentig Supercharged Block Editor Plugin
Summary
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Responsible
Wordfence
Reserved
2026. 02. 16.
Disclosure
2026. 03. 29.
Entries
| Published | Base | Temp | Vulnerability | CWE | Product | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 2026. 03. 29. | 4.9 | 4.9 | Twentig Supercharged Block Editor Plugin Parameter cross-site scripting | 79 | WordPress Plugin | Not defined | Not defined | 0.00029 | 8.56- | CVE-2026-2602 |