Skip to main content

Penci Soledad Data Migrator

1 CVEs product

Monthly

CVE-2026-27054 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in PenciDesign's Penci Soledad Data Migrator plugin through version 1.3.1, allowing attackers to inject malicious scripts that execute in users' browsers when they visit a crafted URL. The vulnerability affects all versions up to and including 1.3.1 of the WordPress plugin. An attacker can exploit this to steal session cookies, perform actions on behalf of authenticated users, or redirect users to malicious sites, with the attack requiring only that a victim click a malicious link-no special privileges or interaction with the application itself required.

XSS Penci Soledad Data Migrator
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in PenciDesign's Penci Soledad Data Migrator plugin through version 1.3.1, allowing attackers to inject malicious scripts that execute in users' browsers when they visit a crafted URL. The vulnerability affects all versions up to and including 1.3.1 of the WordPress plugin. An attacker can exploit this to steal session cookies, perform actions on behalf of authenticated users, or redirect users to malicious sites, with the attack requiring only that a victim click a malicious link-no special privileges or interaction with the application itself required.

XSS Penci Soledad Data Migrator
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy