CVE-2026-3367 | lustmored Lockme calendars integration Plugin up to 2.11.0 on WordPress Plugin Settings register_setting/update_option client_id/client_secret/id_prefix/api_domain cross site scripting

SecurityVulns

A vulnerability classified as problematic was found in lustmored Lockme calendars integration Plugin up to 2.11.0 on WordPress. Impacted is the function register_setting/update_option of the component Plugin Settings. Executing a manipulation of the argument client_id/client_secret/id_prefix/api_domain can lead to cross site scripting.

The identification of this vulnerability is CVE-2026-3367. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More