CVE-2026-1827
Stored XSS in Flask Micro Code-Editor Plugin for WordPress
Publication date: 2026-02-11
Last updated on: 2026-02-11
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | flask_micro | to 1.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via its codeflask shortcode in all versions up to and including 1.0.0. This vulnerability arises because the plugin does not properly sanitize or escape user-supplied attributes. As a result, authenticated users with contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will execute whenever any user accesses the infected page.
How can this vulnerability impact me? :
This vulnerability can allow attackers with contributor-level access to inject malicious scripts into WordPress pages. These scripts can execute in the browsers of users who visit the infected pages, potentially leading to theft of user credentials, session hijacking, defacement, or distribution of malware. Because the attack is stored, the malicious code persists and affects all visitors to the compromised pages.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Stored Cross-Site Scripting (XSS) via the Flask Micro code-editor plugin's shortcode in WordPress. Detection typically involves identifying if the vulnerable plugin version (up to and including 1.0.0) is installed and if any posts or pages contain the shortcode [codeflask] with maliciously crafted attributes.
Since the vulnerability requires authenticated contributor-level access to inject scripts, detection can include scanning WordPress content for suspicious or unexpected script tags or event handlers within the output of the [codeflask] shortcode.
Suggested commands or methods to detect the vulnerability include:
- Check the installed plugin version via WP-CLI: wp plugin list --status=active | grep flask-micro
- Search the WordPress database for posts or pages containing the shortcode: wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%[codeflask]%'"
- Inspect the content of posts/pages with the shortcode for suspicious script injections or unusual attributes.
- Use web application scanning tools or browser developer tools to monitor for unexpected script execution when accessing pages containing the shortcode.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Update the Flask Micro code-editor plugin to a version that fixes the vulnerability if available. Since the vulnerability affects all versions up to 1.0.0, check for any newer releases.
- If no fixed version is available, temporarily deactivate or uninstall the Flask Micro plugin to prevent exploitation.
- Restrict contributor-level access and above to trusted users only, as the vulnerability requires authenticated contributor-level access.
- Review and sanitize existing posts or pages using the [codeflask] shortcode to remove any injected malicious scripts.
- Implement Web Application Firewall (WAF) rules to block suspicious payloads targeting the shortcode attributes.