CVE-2026-2466

NONE EPSS 0.03%

Mar 11, 2026

Updated Mar 11, 2026

WordPress

Parameter	Value
Vendor	WordPress
Public PoC	No

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

References 1

https://wpscan.com/vulnerability/2843e8fe-0c02-48ee-ada3-f1c3d1ee73eb/

contact@wpscan.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4063

WordPress

4.3

CVE-2026-3986

WordPress

6.4

CVE-2026-3891

WordPress

9.8

CVE-2026-3045

WordPress

7.5

CVE-2026-32448

WordPress

6.5

CVE Details

CVE ID

CVE-2026-2466

Published Date

Mar 11, 2026

Vendor

WordPress

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.03%

Likelihood of exploitation in next 30 days

Percentile: 9.4th percentile (higher than 9.4% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-2466

References 1

Related Vulnerabilities

CVE-2026-4063

CVE-2026-3986

CVE-2026-3891

CVE-2026-3045

CVE-2026-32448

CVE Details

Editor's Choice

Menu

CVE-2026-2466

References 1

Related Vulnerabilities

CVE-2026-4063

CVE-2026-3986

CVE-2026-3891

CVE-2026-3045

CVE-2026-32448

CVE Details

Editor's Choice

Stay informed on cybersecurity