Ghostwire

CVE-2026-56347: AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering...

MEDIUM CVSS 6.1 Exploit Available

Published: June 20, 2026 | Last Modified: June 20, 2026

Description

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site visitors, potentially stealing session cookies or performing unauthorized actions.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2026-56347: AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering...

Description

Ghostwire Analysis — What This Means Practically

References