CVE-2026-9629

MEDIUM

6.4

CVSS Severity Score

EPSS Score0.1280%

EPSS Percentile1.95th

Published2026年6月13日

Last Modified2026年6月13日

Vulnerability Description

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://plugins.trac.wordpress.org/browser/canvas/tags/2.5.2/components/basic-elements/block-section-heading/render.php#L13

🔗 https://plugins.trac.wordpress.org/browser/canvas/tags/2.5.2/components/basic-elements/block-section-heading/render.php#L32

🔗 https://plugins.trac.wordpress.org/browser/canvas/tags/2.5.2/gutenberg/custom-blocks/index.php#L798

🔗 https://plugins.trac.wordpress.org/changeset/3553553/canvas/trunk/components/basic-elements/block-section-heading/render.php

🔗 https://plugins.trac.wordpress.org/changeset?old_path=%2Fcanvas/tags/2.5.2&new_path=%2Fcanvas/tags/2.5.3

🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/f93d70e4-01c5-44e8-b7d5-0837bee53b8d?source=cve

Vulnerability Description

Affected Platforms (CPE)

References & Advisories

相关漏洞威胁