CVE-2026-4032 in CodeColorer PluginИнформация

Сводка

по MITRE • 16.04.2026

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires comments to be enabled on the target post and guest comments to be allowed.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

Wordfence

Резервировать

12.03.2026

Раскрытие

16.04.2026

Модерация

принято

Вход

VDB-357854

CPE

готов

CWE

CWE-79 (Подтверждённый)

CVSS

6.1 (CNA)

EPSS

0.00028

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4032
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4032
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4032/

◂ Предыдущий Обзор Далее ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!