Skip to main content

Cincopa Video And Media Plug In

1 CVEs product

Monthly

CVE-2026-10092 HIGH This Week

Stored cross-site scripting in the Cincopa video and media plug-in for WordPress (versions ≤1.163) allows unauthenticated commenters to inject persistent JavaScript via the [cincopa] shortcode processed by the comment_text filter. Any visitor or administrator viewing the affected post executes the attacker's script in their browser session. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

WordPress XSS Cincopa Video And Media Plug In
NVD
CVSS 3.1
7.2
EPSS
0.3%
EPSS 0% CVSS 7.2
HIGH This Week

Stored cross-site scripting in the Cincopa video and media plug-in for WordPress (versions ≤1.163) allows unauthenticated commenters to inject persistent JavaScript via the [cincopa] shortcode processed by the comment_text filter. Any visitor or administrator viewing the affected post executes the attacker's script in their browser session. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

WordPress XSS Cincopa Video And Media Plug In
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy