EUVD-2026-25995CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionNVD
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled
AnalysisAI
Stored XSS vulnerability in Check & Log Email WordPress plugin before version 2.0.13 allows authenticated users with low privileges to inject malicious scripts via improper email replacement handling when the email encoder setting is enabled. The vulnerability requires user interaction (UI:R) to execute, affecting confidentiality and integrity with cross-site scope. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Arbitrary file upload in Breeze Cache for WordPress allows unauthenticated remote attackers to upload malicious files an
The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some P
Authenticated attackers with Subscriber-level privileges can escalate to Administrator role in Highland Software Custom
The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Esca
Remote code execution in Drag and Drop File Upload for Contact Form 7 plugin (≤1.1.3) allows unauthenticated attackers t
Share
External POC / Exploit Code
Leaving vuln.today