CVE-2026-5776

Summary

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks

Affected Software

VendorProductVersion RangeStatus
UnknownEmail Encoder0 < 2.4.7affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References