CVE-2026-5306

· NIST NVD ↗

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled

MEDIUM
CVSS severity
5.4
CVSS base score
2026-04-28
Published

Sources