The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Fpoller |
|
| Wordpress |
|
No data.
No data.
References
History
Wed, 22 Apr 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Fpoller
Fpoller private Wp Suite Wordpress Wordpress wordpress |
|
| Vendors & Products |
Fpoller
Fpoller private Wp Suite Wordpress Wordpress wordpress |
Wed, 22 Apr 2026 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |
| Title | Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-22T07:45:40.547Z
Reserved: 2026-02-18T21:11:15.769Z
Link: CVE-2026-2719
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2026-04-22T09:16:21.130
Modified: 2026-04-22T20:22:50.570
Link: CVE-2026-2719
Redhat
No data.