Vulnerabilities and security researches forkenta-companion kenta-companion

Jun 07, 2024

CVE, Research URL: 5bf94585af0489d21852c82a9f9157821b1edd20
Home page URL: Security reports for Kenta Companion
Application: Kenta Companion
Date: Jul 18, 2023
Research Description: Kenta Companion [kenta-companion] < 1.1.9 WordPress Kenta Companion Plugin < 1.1.9 is vulnerable to Cross Site Scripting (XSS) Update the plugin to the latest version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Kenta Companion Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.1.9.
Affected versions: max 1.1.9.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2026-27090
Home page URL: Security reports for Kenta Companion
Application: Kenta Companion
Date: Feb 19, 2026
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through <= 1.3.3.
Affected versions: max 1.3.3.
Status: vulnerable