CVE-2026-9629

MEDIUM

6.4

CVSS Severity Score

EPSS Score0.1280%

EPSS Percentile1.95th

PublishedJun 13, 2026

Last ModifiedJun 13, 2026

Vulnerability Description

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://plugins.trac.wordpress.org/browser/canvas/tags/2.5.2/components/basic-elements/block-section-heading/render.php#L13

🔗 https://plugins.trac.wordpress.org/browser/canvas/tags/2.5.2/components/basic-elements/block-section-heading/render.php#L32

🔗 https://plugins.trac.wordpress.org/browser/canvas/tags/2.5.2/gutenberg/custom-blocks/index.php#L798

🔗 https://plugins.trac.wordpress.org/changeset/3553553/canvas/trunk/components/basic-elements/block-section-heading/render.php

🔗 https://plugins.trac.wordpress.org/changeset?old_path=%2Fcanvas/tags/2.5.2&new_path=%2Fcanvas/tags/2.5.3

🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/f93d70e4-01c5-44e8-b7d5-0837bee53b8d?source=cve

Vulnerability Description

Affected Platforms (CPE)

References & Advisories

Related Vulnerabilities