CVE-2026-49069
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
CVE-2026-49069 describes an improper neutralization of input during web page generation in WPZOOM Portfolio, leading to a Reflected XSS vulnerability.
Risk Assessment
An attacker could exploit this vulnerability to execute malicious scripts in the victim's browser context, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to update WPZOOM Portfolio to the latest version to mitigate this vulnerability and implement additional security measures against XSS attacks.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21.

