CVE-2026-5306

Summary

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled

Affected Software

VendorProductVersion RangeStatus
UnknownCheck & Log Email0 < 2.0.13affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References