Stored Cross-Site Scripting in Token of Trust Plugin for WordPress
CVE-2026-2834

7.2HIGH

Key Information:

Vendor: WordPress
Status: Age Verification & Identity Verification By Token Of Trust
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-2834?

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the ‘description’ parameter. This vulnerability permits unauthenticated attackers to inject arbitrary web scripts, which can be executed in victims' browsers upon accessing compromised pages, posing significant security risks and potential data breaches.

Affected Version(s)

Age Verification & Identity Verification by Token of Trust 0 <= 3.32.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/token-of-trust...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

Teerachai Somprasong

CVE-2026-2834 Data

JSON