XSS in Itracker360
CVE-2026-3572
The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in all versions up to and including 2.2.0. This is due to missing nonce verification on the settings form submission an…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (13.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Itracker360 — versions 0
Weakness classification (CWE)
References
- www.wordfence.com/threat-intel/vulnerabilities/id/5ef842ad-3d23-4206-af3b-b3f55…
- plugins.trac.wordpress.org/browser/itracker360/trunk/itracker360.php
- plugins.trac.wordpress.org/browser/itracker360/tags/2.1.9/itracker360.php
- plugins.trac.wordpress.org/browser/itracker360/trunk/itracker360.php
- plugins.trac.wordpress.org/browser/itracker360/tags/2.1.9/itracker360.php
- plugins.trac.wordpress.org/browser/itracker360/trunk/itracker360.php
- plugins.trac.wordpress.org/browser/itracker360/tags/2.1.9/itracker360.php
Frequently asked questions
- What is CVE-2026-3572?
- CVE-2026-3572 is a medium-severity vulnerability in Itracker360, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2026-03-20.
- How severe is CVE-2026-3572?
- Medium severity. CVSS v3 base score is 6.1 out of 10.