MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-1754

🟡 MEDIUM

The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and...

Published
Feb 14, 2026
Last Modified
Feb 14, 2026
Views
6
Bookmarks
0

Description

Request Expert Review

The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS Scores

CVSS 3.1 6.1
6.1
MEDIUM
CVSS 2.0 6.1

References

plugins.trac.wordpress.org plugins.trac.wordpress.org www.wordfence.com

Additional Information

Source
security@wordfence.com
State
Received

Related CVEs

CVE-2026-2469

HIGH

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downs...

Score: 7.6

CVE-2026-2144

HIGH

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to...

Score: 8.1

CVE-2026-2027

MEDIUM

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setti...

Score: 4.4

CVE-2026-1983

MEDIUM

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This...

Score: 4.3

CVE-2026-1912

MEDIUM

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all version...

Score: 6.4

CVE-2026-1904

MEDIUM

The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'accordion' short...

Score: 6.4

Share CVE-2026-1754

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-1754 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis