CVE-2026-9271
MEDIUMKeepInMind - Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-9271. PoCs published by Pavan N.
AI-analyzed exploit summary The KeepInMind WordPress plugin (≤0.8.4.2) contains a stored XSS vulnerability via improper sanitization of CSS properties in the 'content' parameter of its REST API. Attackers with Contributor+ privileges can inject malicious HTML/CSS to create a UI-redressing phishing overlay, tricking administrators into disclosing credentials.
Description
Vulnerability Title
Exploits (1)
The KeepInMind WordPress plugin (≤0.8.4.2) contains a stored XSS vulnerability via improper sanitization of CSS properties in the 'content' parameter of its REST API. Attackers with Contributor+ privileges can inject malicious HTML/CSS to create a UI-redressing phishing overlay, tricking administrators into disclosing credentials.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L