{"uuid": "5a6f9396-af80-47ca-b3cb-1772bae3cdba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-2432", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mkqxbn7cb52r", "content": "CM Custom Reports plugin: Stored XSS (CVE-2026-2432). Admin input not sanitized, outputs raw. CVSS 4.4. Multi-site risk. No patch. Basic DevSecOps failure. #WordPress #XSS #CodeQuality\n\n https://www.valtersit.com/cve/2026/03/cve-2026-2432/", "creation_timestamp": "2026-05-01T01:14:59.017382Z"}