cleantalk
Vulnerabilities and Security Researches

EventPress, CVE-2026-6268

CVE, Research URL

CVE-2026-6268

Home page URL

Security reports for EventPress

Application

EventPress

Published on
May 27, 2026
Research Description
The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_customizer_notify_dismiss_action AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in users.
Affected versions
max 22.2.
Status
vulnerable
Previous vulnerability researches
KiviCare – Clinic & Patient Management System (EHR) (CVE-2026-40792) , May 03, 2026
KiviCare – Clinic & Patient Management System (EHR) (CVE-2026-2992) , Apr 13, 2026
KiviCare – Clinic & Patient Management System (EHR) (CVE-2026-2991) , Apr 13, 2026
KiviCare – Clinic & Patient Management System (EHR) (CVE-2026-25383) , Mar 30, 2026
KiviCare – Clinic & Patient Management System (EHR) (CVE-2026-25034) , Mar 30, 2026
New vulnerability
Simple Divi Shortcode (CVE-2026-9714) , May 30, 2026
Link Whisper Free (CVE-2025-11262) , May 30, 2026
Breeze – WordPress Cache Plugin (CVE-2026-2128) , May 30, 2026
Frontend Admin by DynamiApps (CVE-2026-6226) , May 30, 2026
Frontend Admin by DynamiApps (CVE-2026-7802) , May 30, 2026