CVE-2026-3512 | alhadeff Writeprint Stylometry Plugin up to 0.1 on WordPress GET Parameter bjl_wprintstylo_comments_nav cross site scripting (EUVD-2026-12783)
VulDBArchived Mar 18, 2026✓ Full text saved
A vulnerability has been found in alhadeff Writeprint Stylometry Plugin up to 0.1 on WordPress and classified as problematic . The impacted element is the function bjl_wprintstylo_comments_nav of the component GET Parameter Handler . Performing a manipulation of the argument p results in cross site scripting. This vulnerability is identified as CVE-2026-3512 . The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-351502 · CVE-2026-3512 · EUVD-2026-12783
ALHADEFF WRITEPRINT STYLOMETRY PLUGIN UP TO 0.1 ON WORDPRESS GET PARAMETER BJL_WPRINTSTYLO_COMMENTS_NAV CROSS SITE SCRIPTING
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
5.1 $0-$5k 1.01
Summaryinfo
A vulnerability was found in alhadeff Writeprint Stylometry Plugin up to 0.1 on WordPress and classified as problematic. This affects the function bjl_wprintstylo_comments_nav of the component GET Parameter Handler. Executing a manipulation of the argument p can lead to cross site scripting. This vulnerability is tracked as CVE-2026-3512. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.
Detailsinfo
A vulnerability was found in alhadeff Writeprint Stylometry Plugin up to 0.1 on WordPress. It has been declared as problematic. This vulnerability affects the function bjl_wprintstylo_comments_nav of the component GET Parameter Handler. The manipulation of the argument p with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As an impact it is known to affect integrity. CVE summarizes:
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjl_wprintstylo_comments_nav() function. The function directly outputs the $_GET['p'] parameter into an HTML href attribute without any escaping. This makes it possible for authenticated attackers with Contributor-level permissions or higher to inject arbitrary web scripts in pages that execute if they can successfully trick another user into performing an action such as clicking on a link.
The weakness was disclosed by JohSka. The advisory is available at wordfence.com. This vulnerability was named CVE-2026-3512 since 03/04/2026. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project.
Upgrading to version 0.1 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-12783).
Productinfo
Type
WordPress Plugin
Vendor
alhadeff
Name
Writeprint Stylometry Plugin
Version
0.1
CPE 2.3info
🔒
CPE 2.2info
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 5.2
VulDB Meta Temp Score: 5.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 6.1
CNA Vector (Wordfence): 🔒
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Cross site scripting
CWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: Writeprint Stylometry Plugin 0.1
Timelineinfo
03/04/2026 CVE reserved
03/18/2026 +14 days Advisory disclosed
03/18/2026 +0 days VulDB entry created
03/18/2026 +0 days VulDB entry last update
Sourcesinfo
Advisory: wordfence.com
Researcher: JohSka
Status: Confirmed
CVE: CVE-2026-3512 (🔒)
GCVE (CVE): GCVE-0-2026-3512
GCVE (VulDB): GCVE-100-351502
EUVD: 🔒
Entryinfo
Created: 03/18/2026 09:16
Updated: 03/18/2026 11:42
Changes: 03/18/2026 09:16 (69), 03/18/2026 11:42 (1)
Complete: 🔍
Cache ID: 99:675:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸