CVE-2026-8438 | davidanderson All-In-One Security Plugin up to 5.4.7 on WordPress AIOS Dashboard get_rest_route REQUEST_URI cross site scripting

SecurityVulns
Yanac

A vulnerability was found in davidanderson All-In-One Security Plugin up to 5.4.7 on WordPress. It has been classified as problematic. This impacts the function get_rest_route of the component AIOS Dashboard. The manipulation of the argument REQUEST_URI leads to cross site scripting.

This vulnerability is traded as CVE-2026-8438. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More