https://feed.craftedsignal.io/tags/cve-2026-4267/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 12:16:31 +0000https://feed.craftedsignal.io/briefs/2024-01-query-monitor-xss/Tue, 31 Mar 2026 12:16:31 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-query-monitor-xss/The Query Monitor WordPress plugin is vulnerable to reflected cross-site scripting (XSS) due to insufficient input sanitization and output escaping of the '$_SERVER['REQUEST_URI']' parameter, allowing unauthenticated attackers to inject arbitrary web scripts.The Query Monitor plugin for WordPress, a developer tool panel, is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. Identified as CVE-2026-4267, this flaw exists in all versions up to and including 3.20.3. The vulnerability arises from the plugin’s failure to adequately sanitize input and escape output related to the $_SERVER['REQUEST_URI'] parameter. An unauthenticated attacker can exploit this by injecting malicious web scripts into pages, posing a threat to users who…

]]>mediumadvisorywordpressxssreflected-xsscve-2026-4267