cleantalk
Vulnerabilities and Security Researches

WPZOOM Portfolio, CVE-2026-49069

CVE, Research URL

CVE-2026-49069

Home page URL

Security reports for WPZOOM Portfolio

Application

WPZOOM Portfolio

Published on
Jun 10, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21.
Affected versions
max 1.4.22.
Status
vulnerable
Previous vulnerability researches
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
SKT Skill Bar (CVE-2024-38698) , Jul 15, 2024
SKT Skill Bar (CVE-2025-47482) , May 09, 2025
SKT Skill Bar (CVE-2025-26880) , Apr 15, 2025
New vulnerability
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-9125) , Jun 12, 2026
Extra Fees Plugin for WooCommerce (CVE-2023-33999) , Jun 12, 2026
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery (CVE-2023-33999) , Jun 12, 2026
Form Vibes – Database Manager for Forms (CVE-2023-33999) , Jun 12, 2026
FormsCRM (CVE-2023-33999) , Jun 12, 2026