MEDIUM
mbis
CVE published 2026-06-17
CVE-2026-8494
The Permalink Manager Lite plugin for WordPress has a Stored Cross-Site Scripting vulnerability via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in the admin Permalink Manager page, which will execute when an administrator accesses the Pe [truncated]