PatchSiren cyber security CVE debrief
CVE-2026-39463 ManageWP CVE debrief
CVE-2026-39463 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in ManageWP Worker plugin versions <= 4.9.31. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-39463).
- Vendor
- ManageWP
- Product
- ManageWP Worker
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of ManageWP Worker plugin versions <= 4.9.31 should apply the necessary patches to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by an Unauthenticated Cross Site Scripting (XSS) issue in the ManageWP Worker plugin. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch for ManageWP Worker plugin version 4.9.31 or later.
- Check for updates and apply the latest version of the plugin.
Evidence notes
Evidence for this CVE was provided by Patchstack.
Official resources
-
CVE-2026-39463 CVE record
CVE.org
-
CVE-2026-39463 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-39463 was published on 2026-06-15T21:16:43.357Z and modified on 2026-06-15T21:24:32.790Z.