MEDIUM
etspring
CVE published 2026-05-20
CVE-2026-8624
A reflected cross-site scripting (XSS) vulnerability exists in the LJ comments import: reloaded WordPress plugin, affecting all versions up to and including 0.97.1. The vulnerability stems from insufficient input sanitization and output escaping of the PHP_SELF parameter, which includes attacker-controllable PATH_INFO appended to the script name. Two distinct unsanitized echo points for this value exist w [truncated]
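The mechanism described above, as an added example that is not the plugin's code: `PHP_SELF` is the script name followed by `PATH_INFO`, so echoing it raw reflects request-path content into the page. The function names, the form-action context and the sample request are assumptions constructed for illustration, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` / `esc_url()` so the script runs outside WordPress.

```php
<?php
// Constructed request data: PHP builds PHP_SELF as SCRIPT_NAME followed by
// PATH_INFO, so anything placed after the script name in the URL path ends up in it.
$server = [
    'SCRIPT_NAME' => '/wp-admin/admin.php',
    'PATH_INFO'   => '/"><i>path-info-marker</i>',   // harmless constructed marker
];
$server['PHP_SELF'] = $server['SCRIPT_NAME'] . $server['PATH_INFO'];

// Pattern the advisory describes: PHP_SELF written to the page with no escaping.
// (Hypothetical function; the attribute context is an assumption.)
function render_unescaped(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Mitigation 1: escape for the HTML attribute context at the point of output.
// Inside WordPress the usual call is esc_attr() or esc_url().
function render_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Mitigation 2: do not use PHP_SELF at all. SCRIPT_NAME carries no PATH_INFO.
// It is still escaped, because output escaping should not depend on the source.
function render_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Check: did the marker survive as live markup, i.e. did it leave the attribute?
function marker_is_live_markup(string $html): bool
{
    return strpos($html, '<i>path-info-marker</i>') !== false;
}

foreach (['render_unescaped', 'render_escaped', 'render_script_name'] as $fn) {
    $html = $fn($server);
    printf("%-20s live markup: %s\n  %s\n", $fn, marker_is_live_markup($html) ? 'yes' : 'no', $html);
}
```

Only `render_unescaped` reports the marker as live markup; the escaped variant keeps it inside the attribute value as entities, and the `SCRIPT_NAME` variant never contains it.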