CVE-2026-2602 in Twentig Supercharged Block Editor Plugin
Сводка (Английский)
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Ответственный
Wordfence
Резервировать
16.02.2026
Раскрытие
29.03.2026
Записи
| Опубликовано | База | Темп | Уязвимость | CWE | Прод | Экс | Кон | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 29.03.2026 | 4.9 | 4.9 | Twentig Supercharged Block Editor Plugin Parameter межсайтовый скриптинг | 79 | WordPress Plugin | Не определено | Не определено | 0.00000 | 8.67- | CVE-2026-2602 |