HIGH
WPZOOM
CVE published 2026-06-10
CVE-2026-49069
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WPZOOM Portfolio plugin. This issue, tracked as CVE-2026-49069, allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. The vulnerability has a CVSS score of 7.1 and is considered HIGH severity.