MEDIUM
burlingtonbytes
CVE published 2026-05-22
CVE-2026-3481
CVE-2026-3481 describes a reflected cross-site scripting issue in the WP Blockade plugin for WordPress, affecting all versions up to and including 0.9.14. The vulnerable path is the shortcode preview flow: user-supplied input from $_GET['shortcode'] is passed through stripslashes() and then echoed via do_shortcode() without sanitization or escaping. If the input is not a valid WordPress shortcode, it can [truncated]