{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-3718/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-3718"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ManageWP Worker plugin \u003c= 4.9.31"],"_cs_severities":["medium"],"_cs_tags":["wordpress","xss","cve-2026-3718"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe ManageWP Worker plugin, a WordPress extension designed for website management, is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This flaw, identified as CVE-2026-3718, resides within the handling of the \u0026lsquo;MWP-Key-Name\u0026rsquo; HTTP request header. Versions up to and including 4.9.31 are affected. The vulnerability stems from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject malicious JavaScript code. The injected script executes within an administrator\u0026rsquo;s browser session when they access the plugin\u0026rsquo;s connection management page, especially when debug parameters are enabled, potentially leading to account compromise or further malicious actions. This vulnerability poses a significant risk to WordPress sites utilizing the ManageWP Worker plugin.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a malicious HTTP request targeting a WordPress site using the ManageWP Worker plugin.\u003c/li\u003e\n\u003cli\u003eThe attacker includes the \u0026lsquo;MWP-Key-Name\u0026rsquo; header in the HTTP request.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a malicious JavaScript payload within the \u0026lsquo;MWP-Key-Name\u0026rsquo; header value.\u003c/li\u003e\n\u003cli\u003eThe WordPress server processes the HTTP request, and the ManageWP Worker plugin stores the attacker-supplied malicious header value.\u003c/li\u003e\n\u003cli\u003eAn administrator logs into the WordPress dashboard and navigates to the ManageWP Worker plugin\u0026rsquo;s connection management page.\u003c/li\u003e\n\u003cli\u003eThe plugin retrieves the stored \u0026lsquo;MWP-Key-Name\u0026rsquo; header value.\u003c/li\u003e\n\u003cli\u003eDue to insufficient output escaping, the malicious JavaScript payload is rendered within the administrator\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe malicious JavaScript payload executes within the administrator\u0026rsquo;s browser session, potentially performing actions such as session hijacking or further administrative actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this Stored XSS vulnerability (CVE-2026-3718) within the ManageWP Worker plugin can lead to a complete compromise of the affected WordPress website. An attacker can inject arbitrary JavaScript code that executes within the context of an administrator\u0026rsquo;s session. This can be used to steal sensitive information, such as session cookies, modify website content, create new administrative accounts, or redirect users to malicious websites. Given the widespread usage of WordPress and the ManageWP Worker plugin, a significant number of websites are potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the ManageWP Worker plugin to the latest version, which addresses CVE-2026-3718 (per vendor advisory).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule \u0026ldquo;Detect CVE-2026-3718 Exploitation — ManageWP Worker Stored XSS\u0026rdquo; to identify exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests containing the \u0026lsquo;MWP-Key-Name\u0026rsquo; header with suspicious JavaScript payloads (see IOCs).\u003c/li\u003e\n\u003cli\u003eEnable output escaping for HTTP headers processed by WordPress plugins to prevent XSS vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T07:17:34Z","date_published":"2026-05-14T07:17:34Z","id":"https://feed.craftedsignal.io/briefs/2026-05-managewp-worker-xss/","summary":"The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'MWP-Key-Name' HTTP request header, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator visits the plugin's connection management page with debug parameters; this affects all versions up to and including 4.9.31.","title":"ManageWP Worker Plugin Vulnerable to Stored XSS via HTTP Header","url":"https://feed.craftedsignal.io/briefs/2026-05-managewp-worker-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-3718","version":"https://jsonfeed.org/version/1.1"}