Vulnerabilities

CVE-2026-0690 - FlatPM – Ad Manager, AdSense and Custom Code <= 3.2.2 - authenticated (contributo...

2026-01-20 0 views admin

CVE ID : CVE-2026-0690 Published : Jan. 20, 2026, 2:26 p.m. | 23 minutes ago Description : The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rank_math_description' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-0690

Published

Jan. 20, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-0690wordpress

CVE-2026-0690 - FlatPM – Ad Manager, AdSense and Custom Code <= 3.2.2 - authenticated (contributo...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-12781 - base64.b64decode() always accepts

CVE-2025-68137 - EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stac...

CVE-2025-68136 - EVerest's inadequate session handling can lead to memory-related errors or exhau...

CVE-2025-13465 - Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3