cleantalk
Vulnerabilities and Security Researches

personal-authors-category, CVE-2026-1754

CVE, Research URL

CVE-2026-1754

Home page URL

Security reports for personal-authors-category

Application

personal-authors-category

Published on
Feb 14, 2026
Research Description
The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 0.3.
Status
vulnerable
Previous vulnerability researches
Disable Admin Notices individually (CVE-2026-2410) , Apr 15, 2026
Disable Admin Notices individually (CVE-2024-52420) , Nov 16, 2024
New vulnerability
AMP Enhancer – Compatibility Layer for Official AMP Plugin (CVE-2026-2027) , Apr 16, 2026
WaveSurfer-WP (CVE-2026-1909) , Apr 16, 2026
xmlrpc attacks blocker (CVE-2026-2502) , Apr 16, 2026
Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud! (CVE-2026-0831) , Apr 16, 2026
iRobots.txt SEO (CVE-2025-68840) , Apr 16, 2026