WordPress Plugin Vulnerable To Cross-Site Scripting
A cross-site scripting vulnerability has been disclosed for Kiteworks Secure Data Forms. The vulnerability is identified as CVE-2026-24754 and was published on June 1, 2026.
Topics
Developing
- 882d Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.
- 882d Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
- 882d Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est.
- 882d Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium.
Sources · 7 independent
Bluesky Social
“CVE-2026-24754 - Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting CVE ID : CVE-2026-24754 Published : June 1, 2026, 11:16 p.m.”
Mastodon
“CVE-2026-24752 - High (8.2)Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a...”
Unlock the full story
Get a Pro subscription or above to see the live story progression and the full list of independent sources confirming each event as they happen.
Log in to upgrade