What is CVE-2026-9060?

CVE-2026-9060 is a low-severity vulnerability, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2026-06-10.

How severe is CVE-2026-9060?

Low severity. CVSS v3 base score is 3.5 out of 10.

CVE-2026-9060

CVE-2026-9060

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as admi…

Vulnerability class: XSS (Cross-Site Scripting)

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N.

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

contact@wpscan.com

Frequently asked questions

What is CVE-2026-9060?: CVE-2026-9060 is a low-severity vulnerability, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2026-06-10.
How severe is CVE-2026-9060?: Low severity. CVSS v3 base score is 3.5 out of 10.