{"uuid": "ca1c0953-fdb5-47f4-aec2-7809e1587334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15298", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mqcdablfyd2v", "content": "CVE-2026-15298 - DOM-Based XSS in Telsender WordPress plugin up to 1.14.14. Unauthenticated attackers can inject scripts via Telegram chat titles, executing when admin clicks \"Tested\". CVSS 7.2. No patch available. Disable plugin until fixe...\n\nhttps://www.valtersit.com/cve/CVE-2026-15298/", "creation_timestamp": "2026-07-10T14:10:12.242159Z"}