CVE-2026-1613: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in mrlister1 Wonka Slide
The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-1613: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in mrlister1 Wonka Slide
Description
The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-01-29T12:41:26.535Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6986fb97f9fa50a62f1cf0e9
Added to database: 2/7/2026, 8:45:11 AM
Last updated: 2/7/2026, 8:46:05 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-2079: Improper Authorization in yeqifu warehouse
MediumCVE-2026-1675: CWE-1188 Initialization of a Resource with an Insecure Default in brstefanovic Advanced Country Blocker
MediumCVE-2026-1643: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ariagle MP-Ukagaka
MediumCVE-2026-1634: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in alexdtn Subitem AL Slider
MediumCVE-2026-1611: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in jmrukkers Wikiloops Track Player
MediumActions
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.