Review
APCu Manager
CVE published 2026-06-29
CVE-2026-10083
The APCu Manager WordPress plugin before 4.5.0 has a Stored Cross-Site Scripting vulnerability. This issue arises because the plugin does not properly escape APCu object-cache keys before rendering them in an admin-area page. When a persistent object cache is enabled, cache keys derived from unsanitised user input are output without escaping, allowing the execution of arbitrary JavaScript in the session o [truncated]