Vulnerability in Dukapress
CVE-2026-2466
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability that could be used against high-privilege users such as admins.
EPSS: 0.000 (14.4th percentile)
Affected products
- Unknown Dukapress — versions 0
References
- wpscan.com/vulnerability/2843e8fe-0c02-48ee-ada3-f1c3d1ee73eb/ (exploit, vdb-entry, technical-description)