MEDIUM
davidanderson
CVE published 2026-05-28
CVE-2026-7660
A reflected cross-site scripting (XSS) vulnerability exists in the Easy Updates Manager WordPress plugin, affecting versions up to and including 9.0.20. The flaw resides in the pagination() function, where insufficient input sanitization and output escaping of the 'paged' parameter allow attackers to inject arbitrary web scripts. Successful exploitation requires tricking an administrator into clicking a m [truncated]