CVE-2026-5306

MEDIUM CVSS 5.4 View on NVD ↗

Description

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

https://wpscan.com/vulnerability/97908c15-6e7a-4242-8c6f-66c8b804364c/

Published: Apr 28, 2026 07:16 UTC Modified: Apr 28, 2026 20:13 UTC