HIGH
picu
CVE published 2026-07-13
CVE-2026-57387
A Stored XSS vulnerability was discovered in the picu plugin, affecting versions up to and including 3.5.1. This issue allows an attacker to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, occurring when user input is not properly sanitized, allowing an attacker to store malici [truncated]