Vulnerabilities

CVE-2026-0608 - Head Meta Data <= 20251118 - authenticated (contributor+) stored cross-site scrip...

2026-01-20 0 views admin

CVE ID : CVE-2026-0608 Published : Jan. 20, 2026, 2:26 p.m. | 23 minutes ago Description : The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-0608

Published

Jan. 20, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-0608wordpress

CVE-2026-0608 - Head Meta Data <= 20251118 - authenticated (contributor+) stored cross-site scrip...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-12781 - base64.b64decode() always accepts

CVE-2025-68137 - EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stac...

CVE-2025-68136 - EVerest's inadequate session handling can lead to memory-related errors or exhau...

CVE-2025-13465 - Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3