MEDIUM
olivesystem
CVE published 2026-05-20
CVE-2026-5293
A stored cross-site scripting (XSS) vulnerability in the WordPress plugin 診断ジェネレータ作成プラグイン (Diagnosis Generator) allows authenticated attackers with subscriber-level access or higher to inject arbitrary JavaScript into theme files. The vulnerability exists in versions up to and including 1.4.16. The themeFunc() function, hooked to admin_init, processes theme update requests without proper authorization che [truncated]