WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability
CVE-2026-49069

7.1HIGH

Key Information:

What is CVE-2026-49069?

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS.

This issue affects WPZOOM Portfolio: from n/a through 1.4.21.

WPZOOM Portfolio <= 1.4.21

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Kent Apostol | Patchstack Bug Bounty Program

CVE-2026-49069 Data