Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
Itsukaita Plugin for WordPress Can Execute Malicious Code
CVE-2026-2427
Summary
The Itsukaita plugin for WordPress has a security flaw that allows hackers to inject malicious code into the plugin. This could happen if an administrator clicks on a link sent by the hacker. To stay safe, update the Itsukaita plugin to the latest version or uninstall it if you're not using it.
Original title
The itsukaita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'day_from' and 'day_to' parameters in all versions up to, and including, 0.1.2 due to insufficient input s...
Original description
The itsukaita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'day_from' and 'day_to' parameters in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.
nvd CVSS3.1
6.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026