PatchSiren cyber security CVE debrief
CVE-2026-49069 WPZOOM CVE debrief
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WPZOOM Portfolio plugin. This issue, tracked as CVE-2026-49069, allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. The vulnerability has a CVSS score of 7.1 and is considered HIGH severity.
- Vendor: WPZOOM
- Product: WPZOOM Portfolio
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Users of the WPZOOM Portfolio plugin, particularly those running versions up to and including 1.4.21 (the affected range is listed as "n/a through 1.4.21", with no lower bound), should be aware of this vulnerability and take the necessary actions to protect their installations.
Technical summary
The CVE-2026-49069 vulnerability is caused by improper neutralization of input during web page generation, also known as Reflected Cross-Site Scripting (XSS). This allows an attacker to inject malicious scripts into the web page, which can then be executed by the user's browser.
Defensive priority
HIGH
Recommended defensive actions
- Update the WPZOOM Portfolio plugin to a version beyond 1.4.21, if available.
- Implement additional security measures such as input validation and output encoding.
- Monitor your website for suspicious activity and implement a Web Application Firewall (WAF) if possible.
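To act on the first item, the affected range above can be checked against what is actually installed. The following is an added example, not code from PatchSiren, Patchstack or WPZOOM: it reads the standard WordPress plugin header from each plugin's top-level PHP files and flags versions at or below 1.4.21. It assumes the plugin's "Plugin Name:" header contains the product name; the sample header is constructed.

```python
import re
from pathlib import Path

LAST_AFFECTED = "1.4.21"           # upper bound of the affected range, from the advisory
PRODUCT_NAME = "WPZOOM Portfolio"  # assumption: appears in the header's "Plugin Name:" field
HEADER_FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)


def parse_plugin_header(php_source):
    """Extract 'plugin name' and 'version' from a plugin file's header comment."""
    fields = {}
    for key, value in HEADER_FIELD.findall(php_source[:8192]):  # WordPress reads only the first 8 KiB
        fields.setdefault(key.lower(), value.replace("*/", "").strip())
    return fields


def version_key(version):
    """Numeric tuple for comparison; a '-beta' style suffix and trailing zeros are ignored."""
    parts = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def assess(php_source):
    """Return 'not-target', 'unknown', 'affected' or 'not-in-range' for one plugin file."""
    fields = parse_plugin_header(php_source)
    if PRODUCT_NAME.lower() not in fields.get("plugin name", "").lower():
        return "not-target"
    key = version_key(fields.get("version", ""))
    if not key:
        return "unknown"  # no parsable version header: check this install by hand
    return "affected" if key <= version_key(LAST_AFFECTED) else "not-in-range"


def scan(plugins_dir):
    """Yield (path, verdict) for the top-level PHP files of every plugin folder."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        verdict = assess(php.read_text(encoding="utf-8", errors="replace"))
        if verdict != "not-target":
            yield str(php), verdict


# Constructed sample header, not copied from the real plugin.
SAMPLE = "<?php\n/**\n * Plugin Name: WPZOOM Portfolio\n * Version: 1.4.21\n */\n"

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A "not-in-range" verdict only means the installed version is above 1.4.21; the page does not name a fixed release, so confirm against the vendor's changelog.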
Evidence notes
The CVE-2026-49069 vulnerability was reported by Patchstack and is listed in the National Vulnerability Database (NVD).
Official resources
- CVE-2026-49069 CVE record (CVE.org)
- CVE-2026-49069 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-49069 was published on 2026-06-10T14:16:34.220Z and modified on 2026-06-10T18:35:12.690Z.