CVE-2026-5305

Summary

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks

Affected Software

VendorProductVersion RangeStatus
UnknownEmail Address Encoder0 < 1.0.25affected
Unknownemail-encoder-premium0 < 0.3.12affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References