{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-6690/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-6690"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["LifePress plugin \u003c= 2.2.2"],"_cs_severities":["medium"],"_cs_tags":["wordpress","xss","cve-2026-6690","lifepress","stored-xss","plugin"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe LifePress plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability that affects versions up to and including 2.2.2. The vulnerability resides in the \u003ccode\u003elp_update_mds\u003c/code\u003e AJAX action, specifically the \u0026lsquo;n\u0026rsquo; parameter. The \u003ccode\u003ewp_ajax_nopriv_lp_update_mds\u003c/code\u003e action lacks both nonce verification and capability checks. Furthermore, the plugin exhibits insufficient input sanitization and output escaping when rendering the series name on the admin settings page. This allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will then execute whenever a user accesses a page where the injected content is displayed. This can lead to account compromise, data theft, or other malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a malicious HTTP request targeting the \u003ccode\u003ewp-admin/admin-ajax.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker sets the \u003ccode\u003eaction\u003c/code\u003e parameter to \u003ccode\u003elp_update_mds\u003c/code\u003e within the HTTP request.\u003c/li\u003e\n\u003cli\u003eThe attacker includes a crafted payload within the \u0026lsquo;n\u0026rsquo; parameter of the request, containing the malicious XSS script.\u003c/li\u003e\n\u003cli\u003eThe server-side code, specifically the \u003ccode\u003ewp_ajax_nopriv_lp_update_mds\u003c/code\u003e function, processes the request without proper sanitization of the \u0026lsquo;n\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eThe unsanitized input from the \u0026lsquo;n\u0026rsquo; parameter is stored in the WordPress database.\u003c/li\u003e\n\u003cli\u003eAn administrator or other authorized user accesses an admin settings page where the stored series name is displayed.\u003c/li\u003e\n\u003cli\u003eThe malicious XSS payload is rendered in the user\u0026rsquo;s browser due to the lack of output escaping.\u003c/li\u003e\n\u003cli\u003eThe injected script executes within the user\u0026rsquo;s browser session, potentially stealing cookies, redirecting the user, or performing other malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows unauthenticated attackers to inject malicious JavaScript code into the WordPress site. This code can then be executed in the browsers of administrators or other users who access affected pages. This can lead to account compromise, defacement of the website, or redirection of users to phishing sites. Given the lack of authentication required to trigger this, a large number of WordPress sites using the LifePress plugin are potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-6690 Exploitation Attempt via lp_update_mds AJAX Action\u0026rdquo; to identify potential exploitation attempts targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for POST requests to \u003ccode\u003ewp-admin/admin-ajax.php\u003c/code\u003e with the \u003ccode\u003eaction\u003c/code\u003e parameter set to \u003ccode\u003elp_update_mds\u003c/code\u003e and containing suspicious characters in the \u003ccode\u003en\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eApply the available patch for the LifePress plugin, upgrading to a version greater than 2.2.2 to remediate CVE-2026-6690.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T09:17:38Z","date_published":"2026-05-12T09:17:38Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-6690-lifepress-xss/","summary":"The LifePress plugin for WordPress is vulnerable to stored cross-site scripting (XSS) due to insufficient input sanitization and output escaping within the `lp_update_mds` AJAX action, allowing unauthenticated attackers to inject arbitrary web scripts via the 'n' parameter that execute when a user accesses the injected page; this affects versions up to and including 2.2.2.","title":"CVE-2026-6690: LifePress WordPress Plugin Stored XSS Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-6690-lifepress-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-6690","version":"https://jsonfeed.org/version/1.1"}