{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0815", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-09T15:39:50.194Z", "datePublished": "2026-02-11T08:26:28.712Z", "dateUpdated": "2026-04-08T17:34:30.452Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:30.452Z"}, "affected": [{"vendor": "pankajanupam", "product": "Category Image", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb28c526-67ae-441d-9964-5ac17b966687?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/category-image/tags/2.0/category-image.php#L28"}, {"url": "https://plugins.trac.wordpress.org/browser/category-image/trunk/category-image.php#L28"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Bhumividh Treloges"}], "timeline": [{"time": "2026-02-10T20:03:51.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T15:24:16.843308Z", "id": "CVE-2026-0815", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:24:58.078Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0815", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-11T15:24:16.843308Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:24:54.761Z"}}], "cna": {"title": "Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Bhumividh Treloges"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "pankajanupam", "product": "Category Image", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-10T20:03:51.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb28c526-67ae-441d-9964-5ac17b966687?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/category-image/tags/2.0/category-image.php#L28"}, {"url": "https://plugins.trac.wordpress.org/browser/category-image/trunk/category-image.php#L28"}], "descriptions": [{"lang": "en", "value": "The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:30.452Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0815", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:34:30.452Z", "dateReserved": "2026-01-09T15:39:50.194Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-11T08:26:28.712Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Category Image para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'tag-image' en todas las versiones hasta la 2.0, inclusive, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel Editor o superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2026-0815", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-11T09:15:51.000", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/category-image/tags/2.0/category-image.php#L28"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/category-image/trunk/category-image.php#L28"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb28c526-67ae-441d-9964-5ac17b966687?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0]"}}], "product": "category_image", "vendor": "pankajanupam"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T17:17:45.277681+00:00", "value": {"mitigation_remediation": ["Upgrade the Category Image plugin to any release newer than version 2.0, which removes the vulnerable tag-image handling.", "If an upgrade is not immediately possible, restrict Editor+ users from editing or creating tags that allow image insertion, limiting the attack surface.", "Configure a content security policy that blocks inline scripts or restricts script sources, mitigating the impact of any remaining XSS payloads."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the Category Image plugin version 2.0 or earlier are affected. All installations that use the plugin\u2019s tag-image functionality can be exploited. Users with WordPress roles at Editor level or above are required to inject the payload.", "description_and_impact": "The Category Image plugin is vulnerable to stored cross\u2011site scripting through the tag-image parameter. Due to insufficient input sanitization and lack of output escaping, authenticated users with Editor rights or higher can inject arbitrary JavaScript. When an affected user views the page, the injected script runs in the browser, potentially allowing credential theft, session hijacking, or defacement. The weakness is a classic user\u2011input injection flaw (CWE\u201179).", "risk_and_exploitability": "The vulnerability has a CVSS score of 4.4, indicating moderate severity. Exploit probability is very low (EPSS < 1%) and it is not listed in CISA KEV, suggesting it is not currently known to be actively exploited. Attack requires legitimate WordPress credentials with Editor privileges and involves submitting malicious content via the tag-image field; the attack vector is inherent to the plugin\u2019s functionality rather than network\u2011level exploitation."}}}}, "created": "2026-02-11T21:45:57.399226+00:00", "updated": "2026-04-15T17:30:10.480394+00:00", "vendors": ["pankajanupam", "pankajanupam$PRODUCT$category_image", "wordpress", "wordpress$PRODUCT$wordpress"]}