CVE-2026-8438

HIGH · CVSS 7.2 · other

The flaw

The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the get_rest_route() function

What to do

Review the advisory and patch per vendor guidance.

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest