cleantalk
Vulnerabilities and Security Researches

Microtango, CVE-2026-1821

CVE, Research URL

CVE-2026-1821

Home page URL

Security reports for Microtango

Application

Microtango

Published on
Feb 11, 2026
Research Description
The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reservation shortcode in all versions up to, and including, 0.9.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 0.9.30.
Status
vulnerable
Previous vulnerability researches
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2026-1860) , Apr 15, 2026
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2026-3584) , Apr 14, 2026
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2023-45275) , Jun 10, 2024
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2023-46083) , Jun 10, 2024
Contact Form builder with drag & drop for WordPress – Kali Forms (df632be42db45b1b9c83fc4e7a3345d79bb757ff) , Jun 07, 2024
New vulnerability
WP Google Ad Manager Plugin (CVE-2026-1399) , Apr 15, 2026
WP Social Meta (CVE-2026-2498) , Apr 15, 2026
Allow HTML in Category Descriptions (CVE-2026-0693) , Apr 15, 2026
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display G (CVE-2026-1916) , Apr 15, 2026
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscription (CVE-2026-1994) , Apr 15, 2026