CVE-2026-9271

MEDIUM

KeepInMind - Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-9271. PoCs published by Pavan N.

AI-analyzed exploit summary The KeepInMind WordPress plugin (≤0.8.4.2) contains a stored XSS vulnerability via improper sanitization of CSS properties in the 'content' parameter of its REST API. Attackers with Contributor+ privileges can inject malicious HTML/CSS to create a UI-redressing phishing overlay, tricking administrators into disclosing credentials.

Description

Vulnerability Title

Exploits (1)

exploitdb WRITEUP
by Pavan N · textwebappsmultiple
https://www.exploit-db.com/exploits/52614

The KeepInMind WordPress plugin (≤0.8.4.2) contains a stored XSS vulnerability via improper sanitization of CSS properties in the 'content' parameter of its REST API. Attackers with Contributor+ privileges can inject malicious HTML/CSS to create a UI-redressing phishing overlay, tricking administrators into disclosing credentials.

Classification
Writeup 98%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: KeepInMind Dashboard Notes plugin for WordPress ≤0.8.4.2
Auth required
Prerequisites: Attacker must have Contributor+ privileges in WordPress · Administrator must view the compromised dashboard
mistral-large-3 · analyzed Jul 07, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit exploit vdb-entry technical-description
https://wpscan.com/vulnerability/b5d549b7-17c8-417d-a86a-a7ae356a6eab/

Scores

CVSS v3 5.9
EPSS 0.0041
EPSS Percentile 33.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

Status published
Products (1)
None/KeepInMind Dashboard Notes < 0.8.4.2
Published Jun 12, 2026
Tracked Since Jun 12, 2026