CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs

CVE-2026-3512 | alhadeff Writeprint Stylometry Plugin up to 0.1 on WordPress GET Parameter bjl_wprintstylo_comments_nav cross site scripting (EUVD-2026-12783)

VulDB Archived Mar 18, 2026 ✓ Full text saved

A vulnerability has been found in alhadeff Writeprint Stylometry Plugin up to 0.1 on WordPress and classified as problematic . The impacted element is the function bjl_wprintstylo_comments_nav of the component GET Parameter Handler . Performing a manipulation of the argument p results in cross site scripting. This vulnerability is identified as CVE-2026-3512 . The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

Full text archived locally
✦ AI Summary · Claude Sonnet


    VDB-351502 · CVE-2026-3512 · EUVD-2026-12783 ALHADEFF WRITEPRINT STYLOMETRY PLUGIN UP TO 0.1 ON WORDPRESS GET PARAMETER BJL_WPRINTSTYLO_COMMENTS_NAV CROSS SITE SCRIPTING HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.1 $0-$5k 1.01 Summaryinfo A vulnerability was found in alhadeff Writeprint Stylometry Plugin up to 0.1 on WordPress and classified as problematic. This affects the function bjl_wprintstylo_comments_nav of the component GET Parameter Handler. Executing a manipulation of the argument p can lead to cross site scripting. This vulnerability is tracked as CVE-2026-3512. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component. Detailsinfo A vulnerability was found in alhadeff Writeprint Stylometry Plugin up to 0.1 on WordPress. It has been declared as problematic. This vulnerability affects the function bjl_wprintstylo_comments_nav of the component GET Parameter Handler. The manipulation of the argument p with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As an impact it is known to affect integrity. CVE summarizes: The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjl_wprintstylo_comments_nav() function. The function directly outputs the $_GET['p'] parameter into an HTML href attribute without any escaping. This makes it possible for authenticated attackers with Contributor-level permissions or higher to inject arbitrary web scripts in pages that execute if they can successfully trick another user into performing an action such as clicking on a link. The weakness was disclosed by JohSka. The advisory is available at wordfence.com. This vulnerability was named CVE-2026-3512 since 03/04/2026. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. Upgrading to version 0.1 eliminates this vulnerability. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-12783). Productinfo Type WordPress Plugin Vendor alhadeff Name Writeprint Stylometry Plugin Version 0.1 CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.2 VulDB Meta Temp Score: 5.1 VulDB Base Score: 4.3 VulDB Temp Score: 4.1 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 6.1 CNA Vector (Wordfence): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Cross site scripting CWE: CWE-79 / CWE-94 / CWE-74 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Writeprint Stylometry Plugin 0.1 Timelineinfo 03/04/2026 CVE reserved 03/18/2026 +14 days Advisory disclosed 03/18/2026 +0 days VulDB entry created 03/18/2026 +0 days VulDB entry last update Sourcesinfo Advisory: wordfence.com Researcher: JohSka Status: Confirmed CVE: CVE-2026-3512 (🔒) GCVE (CVE): GCVE-0-2026-3512 GCVE (VulDB): GCVE-100-351502 EUVD: 🔒 Entryinfo Created: 03/18/2026 09:16 Updated: 03/18/2026 11:42 Changes: 03/18/2026 09:16 (69), 03/18/2026 11:42 (1) Complete: 🔍 Cache ID: 99:675:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸
    💬 Team Notes
    Article Info
    Source
    VulDB
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Archived
    Mar 18, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗